CHAOS MANOR MAIL
Mail 162 July 16 - 22, 2001
CLICK ON THE BLIMP TO SEND MAIL TO ME
FOR THE CURRENT VIEW PAGE CLICK HERE
If you are not paying for this place, click here...
IF YOU SEND MAIL it may be published; if you want it private SAY SO AT THE TOP of the mail. I try to respect confidences, but there is only me, and this is Chaos Manor. If you want a mail address other than the one from which you sent the mail to appear, PUT THAT AT THE END OF THE LETTER as a signature.
I try to answer mail, but mostly I can't get to all of it. I read it all, although not always the instant it comes in. I do have books to write too... I am reminded of H. P. Lovecraft who slowly starved to death while answering fan mail.
Search: type in string and press return.
or the freefind search
If you subscribed:
If you didn't and haven't, why not?
Highlights this week:
Search: type in string and press return.
July 16, 2001
From Roland Dobbins
Subject: More serious Microsoft Security Madness:
Your website has provided me with a lot of knowledge for which I am grateful. As do your Byte magazine articles (Often I used to buy Byte magazine specifically for your columns.)
So, to my proposal (actually my son's proposal):
What about adding the functionality of a feedback mechanism to your website ala Slashdot.org's?
1. He downloaded and installed a Windows version of an open-source programming language and development environment specifically suited to the Internet and web serving called Zope. This was installed and tried out (using the built-in tutorial) within a couple of hours. It can be found at: www.zope.org. Actually, underneath it is based on Python - yet another open source product.
2. He then downloaded a complete message building and storage system based on Zope that is a complete website behaving exactly as if it were a clone of Slashdot.org. It (also open source) may be found at: www.squishdot.org. With the Zope/Squishdot environment running he was able to get his version of a Slashdot/Squishdot website together with some customizations and changes, up and running (including security extensions) in another couple of hours.
You may wish to follow up on this some time.
He can turn on his slashdot style website at our homesite IP if you would like to take a look at his modifications, and that it is truly as easy to set up and customize as he thinks it is.
On a previous topic:
We had a correspondence with you last year about a proposed science fair project he had in mind (building some kind of ion drive engine demonstrator). After reading what you had to say he agreed it was a bit too ambitious.
So, he decided to do his science fair project on "Protecting your home PC from Hackers, and Protecting your privacy on the web."
He analyzed various tools for the purposes of virus scanning, firewall, and ad-ware scanning. He did this with our home LAN network (disconnected from the internet) using one machine to attack another with port scanners, DDoS attacks, and other port damaging attacks to see which firewalls would work best (and also costed the least - as in free). He monitored this activity using a sniffer program on a third PC on the LAN.
He settled on the best firewall products available being: ZoneAlarm, and the Tiny Firewall (they also were both free for personal use). He also tested others such as the McAfee Firewall, the Symantec Firewall, and the BlackIce product (all of which he found to be more complicated than the average user could easily use or understand, all of which were also not free, and in the case of BlackIce actually failed some of his tests). He did this testing using hacker tools such as Subseven and Gibson's tools to evaluate both incoming attack defense and outgoing communications blocking. He used several port scanners since some did UDP port scanning, some IP port scanning, and some general Windows peer-to-peer sharing scans better than the others.
He then tested the ability of various Anti-virus tools to detect the Subseven trojan (which they all did successfully - though he found out that specific changes to newer versions of Subseven may render it undetectable or less detectable since it can now change its name to popular applications software - thereby masking itself.) At the time he chose CA's InoculateIT software as the free software of choice for anti-virus. Though, now it is no longer available for free from CA. He now recommends Norton or McAfee Anti-virus though they are not free. But both also integrate with email products to check emails and attachments, as well as checking downloaded files and html via integration with the web-browser.
Lastly, he chose Ad-Aware for his anti-adware software (to remove software that monitors your activities on the web - either web browsing or web downloading). It also is freeware.
He earned a 4th place in his school for technology in the science fair. Plus he made a handout to give to anyone at the science fair about what he recommended be done to protect oneself from hackers. It covered on a single page the reasons why one should: 1. install a firewall, 2. install anti-virus software, 3. install anti-adware software, and what freely available software one could download from the web to serve these purposes.
In the process of making his science fair project he corresponded by email with several professors at the Carnegie-Mellon University CERT Institute and with Steve Gibson. He read several of your discussions about home PC internet-security and scanned much of the mail postings on your website to find sources, recommendations, and confirm his ideas. Thus, he thought I might mention to you the Squishdot software to build an interactive discussion website based on what you decide to post there.
Again thanks for your articles and postings. Both he and I enjoy your books as well.
Oliver H. Richter email@example.com
There are several ways I might add an unattended "feedback" system here, but I think there are plenty of such on the web. Whatever value my mail page has is largely due to my selection of what is here: by being selective I discourage the "me too" and "you're a dolt" messages that seem to predominate in other places. It's pointless to send them to me since I don't post them, so I don't get them: what I do get is pretty high quality of well thought out letters. I think I might not be so fortunate if I had a way for people to put up whatever they felt like.
I get the suggestion from time to time, and I have not ignored it: it's that on reflection I think it best not to act on it.
Thanks for the story about the science fair. What in the world won first place under the circumstances?
Now for something different:
Dear Dr. Pournelle, The latest crypto-gram from Bruce Schneier is out at http://www.counterpane.com/crypto-gram-0107.html
His latest worry is the convergence of telephony and the internet, and using internet protocols to control the telephone networks. Some quotes: "This means that telephony, which has heretofore been slow and methodical and reliable, will become as freewheeling as the Internet. " ... "I am terrified at the security implications of these services." ... "And think about reliability. The one thing about the telephone system is that it just works. That reliability is very hard to engineer using Internet protocols. As the phone system starts to look more and more like the Internet, it will become as reliable as the Internet. " ... "This means that it will fail, catastrophically, once in a while."
Mr. Schneier is a security expert who does less yelling than Mr. Gibson, but seems to have more knowledge. (He wrote Applied Cryptography, the standard reference.) He was the first person I heard that noted that insurance costs might begin to drive the adoption of Linux, and other unixes, over Windows.
Kit Case firstname.lastname@example.org
One ignores Mr. Schneier at one's peril. He may not always be correct but he is certainly worth one's attention.
I'm re-reading This Kind of War by T. R. Fehrenbach. On page 59, he says "Harry Truman had ordered troops into action on the far frontier. This was the kind of order Disraeli might have given, sending Her Majesty's regiments against the disturbers of Her Majesty's peace. Or the emperor in Rome might have given such a command to the legions when his governor in Britain sent word that the Picts were over the border."
Oops. There it is.
He had this to say on page sixty: "Citizens fly to defend the homeland, or to crusade. But a frontier cannot be held by citizens, because citizens, in a republic, have better things to do."
Fehrenbach said that Truman did not have a professional army at his disposal; he had an army of citizen soldiers, mostly conscripts. Today, however, we have a professional all-volunteer army, suitable for an empire.
And of course Ted Fehrenbach wrote during the Seventy Years War.
Dear Mr. Pournelle,
I greatly enjoyed Barzun's Dawn to Decadence (enough to have read it 3 times already) while remaining totally infuriated with the lack of an end of the book bibliography. In the first read-through, I was charmed with the quotes at the sides of the pages and the mentions of books to follow up with. I fully intended to, at the end, sit down at my computer and dialup my local libraries, using the "standard" bibliography at the end and request the books that looked interesting. I was therefore greatly frustrated to discover that I was going to have to look at every page again to find those **** book references.
He's certainly been an educator long enough to know better. Making his recommendations difficult to followup on rather than easy certainly detracts from the extraordinarily interesting overview of the last 500 years he provides.
I mention this to you only to suggest that you insert a caveat when recommending a book like this - something to the effect that contrary to common practice, the bibliography is referenced only in the text, and not as a list at the end. Otherwise, I thoroughly enjoy your book recommendations and wish you made more of them, as they are for me the most useful part of the column. I enjoy the discussions of the various hardwares and softwares, but they remain mostly academic for me as I have only minimal needs for my computer to fulfill .
Agreed that the lack is annoying, and I can only presume it was a publisher decision to save costs. I doubt anyone expected it to be a best seller. And thanks for the kind words.
Subj: Citizens, Soldiers and Service to the Nation
Those of your readers who feel deprived when you go incommunicado to work on fiction -- which, by the way, I wish you would do more often and for longer periods -- might try some of the online professional military publications.
For example: _Parameters_, the quarterly journal of the US Army War College, has its Summer 2001 issue at
One collection of articles within the issue is "Citizens, Soldiers and Service to the Nation".
|This week:||Tuesday, July
Begin with a comment from Carol Iannone posted in a different forum and reprinted here with permission. The subject was the recent race riots in Britain, and some commentary on those by the Bennets:
Ridicule is not really a weapon, or if it is, it is often the weapon of the powerless. The powerful can often endure jokes which don't really touch their power. There were numerous jokes in the Soviet Union about the government but it still lasted decades and decades. The system did eventually collapse, but not until it had done enormous and probably irreversible damage to Russia and to many generations of people who have, after all, only one life to live on this earth, and cannot always wait for the better tomorrow that is always being promised.
Prophesies about bad policies peaking or coming to an end and so forth are not helpful and only serve as palliatives, assuring lazy people that they don't have to exert themselves to do anything to stop the policies Bright young people this very day are are being propagandized with multicultural nonsense in lieu of a real education, and thus each generation is getting further and further from understanding how our country was founded and how it can be sustained. If you do get a rebellion, it will be more the kind of cynicism Lytton Strachey aimed at the Victorians, or the furious nihilism Russian intellectuals aimed at their country, both of which turned out to be poisonous for their societies.
The instinctive rebellion of young people today to what they have been taught is of little use. It has to be based on an understanding of truth which in our society thanks to multiculturalism and political correctness and massive immigration, is hard to speak or to hear spoken in the public forum.
Every sentence of that is worth reflection.
It appears that Russia and China have just agreed to closer ties. And the Chinese, a nation which is aggressively expanding its influence (for example, laying claim to islands far from its shore, laying claim, in fact, to the entire South China Sea), have been awarded the Olympics in 2008. It all seems so familiar.
In the runup to the last unlimited war, the international gave the Olympics to an aggressively expanding Nazi Germany. And the Soviet Russians made an agreement with them (they split up Poland, for example; the current eastern border of Poland is where they divided it).
In the end, because the Germans wanted what the Russians had, the Germans decided to try to eat Russia. Today, we know that Siberia has many things that the Chinese covet. We also know that Siberia is lightly settled with potential defenders of the Fatherland. We also know that China has ancient claims on Siberia, and they don't forget such claims.
Don't the Russians ever learn?
[If you publish this, please don't use my name]
Apparently the Russians do not ever learn. They will.
Now for something else:
From: Nancy Guiles [mailto:email@example.com]
Sent: Saturday, July 14, 2001 5:25 PM
To: Sue McCune Subject: GI Pay
Deserving of a Medal or $$
On 12 Jan, Ms. Cindy Williams (from Laverne and Shirley TV show) wrote a piece for the Washington Times denouncing the pay raise(s) coming service members' way this year-citing that the stated 13% wage gap was bogus. A young airman from Hill AFB responds to her article below. He ought to get a bonus for this!
Ms. Williams: I just had the pleasure of reading your column of 12 Jan 00, "Our GI's earn enough" and I am a bit confused. Frankly, I'm wondering where this vaunted overpayment is going, because as far as I can tell, it disappears every month between DFAS (The Defense Finance and Accounting Service) and my bank account. Checking my latest leave and earnings statement (LES), I see that I make $1,117.80, before taxes. After taxes, I take home $874.20. When I run that through Windows Calculator, I come up with an annual salary of $13,413.60 before taxes and $10,490.40 after.
I work in the Air Force Network Control Center (AFNCC), where I am part of the team responsible for the administration of a 25,000-host computer network. I am involved with infrastructure segments, specifically with Cisco Systems equipment. A quick check under jobs for Network Technicians in the Washington, DC area reveals a position in my career field, requiring three years experience with my job. Amazingly, this job does NOT pay $13,413.60 a year, nor does it pay less than this. No, this job is being offered at $70,000 to $80,000 per annum. I'm sure you can draw the obvious conclusions.
Also, you tout increases to Basic Allowance for Housing and Basic Allowance for Subsistence (housing and food allowances, respectively) as being a further boon to an already overcompensated force. Again, I'm curious as to where this money has gone, as BAH and BAS were both slashed 15% in the Hill AFB area effective in January 2000. Given the tenor of your column, I would assume that you have NEVER had the pleasure of serving your country in her armed forces.
Before you take it upon yourself to once more castigate congressional and DOD leadership for attempting to get the families in the military's lowest pay brackets off AFDC, WIC, and food stamps, I suggest that you join a group of deploying soldiers headed for Saudi. I leave the choice of service branch up to you. Whatever choice you make, though, opt for the SIX month rotation: it will guarantee you the longest possible time away from your family and friends, thus giving you full "deployment experience." As your group prepares to board the plane, make sure to note the spouses and children who are saying good-bye to their loved ones. Also, take care to note that several families are still unsure of how they'll be able to make ends meet while the primary breadwinner is gone--obviously they've been squandering the vast piles of cash the DOD has been giving them.
Try to deploy over a major holiday; Christmas and Thanksgiving are perennial favorites. And when you're actually over there, sitting in a DFP (Defensive Fire Position, the modern-day foxhole), shivering against the cold desert night, and the flight sergeant tells you that there aren't enough people on shift to relieve you for chow, remember this: trade whatever MRE you manage to get for the tuna noodle casserole or cheese tortellini, and add Tabasco to everything.
Talk to your loved ones as often as you are permitted; it won't nearly be long enough or often enough, but take what you can get and be thankful for it. You may have picked up on the fact that I disagree with most of the points you present in your op-ed piece. But, tomorrow from Sarajevo, I will defend to the death your right to say it.
You see, I am an American fighting man, a guarantor of your First Amendment rights and every other right you cherish. On a daily basis, my brother and sister soldiers worldwide ensure that you and people like you can thumb your collective nose at us, all on a salary that is nothing short of pitiful and under conditions that would make most people cringe. We hemorrhage our best and brightest into the private sector because we can't offer the stability and pay of civilian companies. And you, Ms. Williams, have the gall to say that we make more than we deserve?
A1C Michael Bragg Hill AFB AFNCC
IF YOU AGREE, PLEASE PASS THIS ALONG TO AS MANY PEOPLE AS POSSIBLE AND SHOW OUR SUPPORT OF THE AMERICAN FIGHTING MEN AND WOMEN. THANK YOU. THIS LETTER SHOULD BE APPLAUDED BY ANYONE WHO'S EVER SERVED OR HAD A FAMILY MEMBER SERVE IN THE ARMED FORCES! THIS YOUNG MAN DESERVES A MEDAL.
I am not sure any comment is needed. They aren't "our" bombers any longer... Alas, there is more to this story. See below.
On yesterday's comments
Your "Current View" opinion of the actual results of the Vietnam War largely reflects my own. As a young USAF officer, I was deeply ashamed at our failure to live up to our commitments during the 1975 invasion of South Vietnam. Over the next several years I boiled each time some airhead blamed the fallout from that failure (boat people, reeducation camps, the Cambodian killing fields) on the ten years or so of American involvement, rather than on our refusal to resupply the South in their time of need. It was that refusal that took the heart out of the South Vietnamese and led to their collapse.
At the time, Poul Anderson's Flandry series appeared to be the remaining appropriate model for us professional military men. Holding off the Long Night, one might say. It was only after the 1980 election and the rebuilding of our strength and purpose that I came to realize that Vietnam was but one episode in the long struggle. While I wouldn't go so far as to call it a victory, it certainly did contribute to our success in the long run.
This truth struck me forcefully just last week. As a USAF civil servant, currently serving at U.S. Transportation Command (USTRANSCOM), I was sent to Prague to give a few briefings on our strategic air mobility techniques within a NATO context. The military professionals of the Czech Republic were very eager to learn our methods and were quite willing to discuss the past over a few beers. They certainly had noticed the decline of Soviet power, even as our own strength grew. The week ended with the Czechs informally asking about the chances of a bilateral agreement for airlift to enable them to more fully participate in NATO operations. Victory, indeed.
I applaud your efforts to set the record straight. This is especially helpful for all those Vietnam veterans who might still suffer from the idea that our struggle in that unhappy country was a useless effort. Their service there contributed materially to our eventual triumph.
v/r, Mike Spehar, Major, USAF (Ret)
From: Steve Setzer Subject: the next 70 years' war
Thanks for the summary (Monday July 16 2001 VIEW)--you've said much of it elsewhere, but that's a great capsule summary of some of the key long term effects of Viet Nam.
1) Do you think it is as important to US security to take down the Chinese Communists as it was to take down the USSR?
2) If the answer to 1 is "yes", is the area around Taiwan a reasonable place to stage a war of attrition?
3) If the answer to 2 is "no" as I think it is, how else do we get them to overstress their economy?
These are not intended as cynical questions, though they may be viewable as such.
My own view is that the answer to (1) above is "no". The Chinese are not the threat to the West that the USSR was. To begin with, the legitimacy of the Chinese regime not only does not rest on a chiliastic movement with the goal of reforming the entire world, but doesn't even come close to it. The Chinese are not terribly interested in barbarians, and don't show a lot of interest in expansion beyond the greatest extent of the old Chinese Empire: and they have most of that.
They are interested in the fate of overseas Chinese, but I don't think we need worry about their interventions in San Francisco or Vancouver, BC.
What we do need is a realistic assessment of our objectives in the Far East, including what obligations we have to Taiwan and Japan. These two are, I would think, natural allies once they get over various prejudices. Of course Korea fears Japan more than China.
I certainly do not think China a threat large enough to make war of any kind attractive, whether waged by us or through client states. But then I don't want client states, either.
US technology is or could be good enough to maintain a Navy and a defense establishment pretty well invulnerable to anything any combination of enemies could bring to bear in the next decade. But recall the three metamissions.
Yours is an interesting perspective on the Viet Nam war. I recall a PBS documentary on the history of aerial bombing, with perhaps a faint tinge of leftist propaganda to it, showing an American RF-104 jet getting shot down by a North Vietnamese SAM crew, a "Home Guard" unit of Vietnamese soldiers pulling the wrecked jet out of a river, and a group of villagers melting down the aluminum to make pots and pans. I suppose it was immensely satisfying if you were on the receiving end of the bombardment to eat from pots made from the chariot of the enemy warrior you had just killed, and I suppose PBS was making the point that a Stone-Age society could defy the technical prowess of the American war machine.
Missing from the equation was the SAM radar van, erector-launcher truck, and the numerous SAM rounds one had to shoot for every new batch of pots. Factoring that in, it was remarkably expensive kitchenware coming out of Moscow.
On the other hand, using multi-million dollar jets to blow up cheap Russian trucks had a certain kind of cost inefficiency -- somewhat like using million-dollar Patriot rounds to attempt to blow up low-tech Scud missiles. To the extent that we were able to bankrupt the Soviet Union in this manner suggests how poor they have always been.
The war exacted costs on America too: besides over 50,000 dead, it exacted a toll on the economy (i.e. the well being of working men and women across the country), and it brought home a drug problem which we still haven't licked. Was it the right decision is hard to say, but yours is an interesting point that to view the war as a pointless struggle between a superpower and a third-world country is missing the big picture.
Paul Milenkovic Madison, Wisconsin
The alternatives were worse. It is easy to forget just how much despair there was in the 60's and early 70's. No less a figure than Henry Kissinger thought his mission was to negotiate successful terms of surrender for the West letting us last as long as possible.
In a word, most of the intellectual establishment and much of the political establishment of the US thought the West was doomed. James Burnham's observation that Liberalism is a philosophy of consolation for the West as it commits suicide was not thought quaint at that time: it was in fact what many believed. The number of people who thought like Possony -- "These tyrannies don't last" -- and Duke Kane and Bernard Schriever who thought we could win through a Strategy of Technology was quite small.
It was a silent and sometimes apparently peaceful war; but it was also a protracted conflict and the US is not good at those. The campaign of attrition in Viet Nam much hastened the collapse of the USSR.
Today we see that the USSR was a great deal more vulnerable than we supposed; but in the 60's the CIA and the Department of State devoted considerable resources to ridiculing Possony's estimates that the USSR was spending at least 35% of its GNP on military stuff, and was in deep trouble. As late as 1985 the US Army Intelligence estimates were that East Germany was loyal to the Warsaw Pact, and that the East German economy was not much below that of West Germany: this was taught to young intelligence officers as truth and gospel. I have good reason to know this. They were also not taught anything about irredentism and other concepts of international politics. Again I have good reason to know.
Viet Nam was needless in the sense that we could have devised better strategies. We did NOT devise better strategies, and were not about to do so: and thus Viet Nam was quite necessary in bringing down the USSR.
Re your statement: Of course that was the right strategy: to appear to be losing and stay in. I doubt Bundy or Johnson or any of the generals understood that. I think Possony did. At the time I did not; it was only later that I realized that a war of attrition was precisely what would bring the USSR low, after which the threat to negate the missiles and turn them into just another 3rd world country brought them down.
It seems logical now that Vietnam proved to be a drain on the Soviet Union. However, do you think that anyone at all in a position to influence the course of the war believed that at the time? Wasn't the perception, at that time, that the Soviets had just as much production capability as we did? (I was of draft age in 1969-70...and loaded with testosterone so my memory of that time isn't clear!)
Mark Huth firstname.lastname@example.org
The moral arc of history is long indeed, but it always bends toward justice. MLK
Most of the US establishment believed that the USSR had a high production capability and that they spent no more than 15% of their GNP on military equipment including what they sent to Viet Nam. Some of us knew better, particularly Stefan T. Possony, who had a continuing study of Soviet Leadership and economics for the Air Council. Some influential members of the USAF and the US Intelligence establishment -- Schriever and Kane, Daniel Graham, among others -- knew better.
No one quite dared say that "lose it and stay in" was a good strategy. In 1962 in a speech I made in Chicago I said as much, but the continuing strain was enough that by 1968 I no longer believed it, and agitated for quick and decisive action in Viet Nam. Only Possony seems to have know better all along. He was also influential in paving the way for the de facto alliance between the US and Red China. His lectures included vulnerabilities of Soviet Asia to the Chinese. "And they they are out of the Empire business when they lose Pacific Russia," he was fond of saying. Some of his students were part of the Nixon establishment, and although Kissinger purged all of Possony's people when he could identify them, Nixon did go to China, and Kissinger did well in those negotiations.
The official view of the US was that the USSR was not in economic trouble. Some of us knew better.
And Roland on the young man with his science project:
Subject: That Kid
needs to go back to school. ZoneAlarm and TinyFirewall are both minor-league.
Roland Dobbins <email@example.com>
Which is of course true, if a bit tactless. See the sidebar on security in my June/July BYTE.COM column. On the other hand, that kid is at least aware that there is a problem.
The real problem with minor league programs is that they may encourage you to feel safe when you are not. On the other hand, they are better than nothing at all.
Dear Dr. Pournelle:
Your site had a Rolland-supplied link (and just the word "Beware") to a MS tech bulletin announcing another Outlook leak - I'm not using Outlook, but I followed the link out of curiosity.
Here's what surprised me: the tech bulletin includes a FAQ (on the same page, halfway down) and here's what I found:
Frequently asked questions
The Summary section discusses a configuration change rather than a patch. Why isn’t there a patch available for this issue?
The person who discovered this vulnerability has chosen to handle it irresponsibly, and has deliberately made this issue public only a few days after reporting it to Microsoft. It is simply not possible to build, test and release a patch within this timeframe and still meet reasonable quality standards.
I would think (and I must have read this argument a few times over the years over the web) that it is better to announce such vulnerabilities AT ONCE so that people interested in protecting themselves can employ the work-arounds right away (e.g. disabling AptiveX controls, etc) rather than wait weeks or months for Microsoft to address the issue. They have the nerve to call people "irresponsible" for alerting the rest of us. Microsoft must consider PR (ie, silence about MS software vulnerabilities) more important than your data.
Cheers! François Kupo Ottawa
I tend to agree with the view that timely warning is best, but it depends. Most vulnerabilities are in fact found by experts before they are exploited "in the wild", and thus having the vulnerability and the fix released at once is best when that is possible.
three from Roland Dobbins:
Subject: Russian arrested for giving talk 'in violation of the DMCA' Thoughtcrimes come to America: Subject: The presentation that got a Russian arrested by the FBI at DefCon Adobe PDF format, viewer available from http://www.adobe.com:
Subject: Russian arrested for giving talk 'in violation of the DMCA'
Thoughtcrimes come to America:
Subject: The presentation that got a Russian arrested by the FBI at DefCon
Adobe PDF format, viewer available from http://www.adobe.com:
Subject: More on Russian's arrest after giving his presentation
This is a serious matter.
July 18, 2001
Subject: GI Pay - an Urban Legend?
In Tuesday's (17th July) Current Mail you published an email from Nancy Guiles.
May I direct you and your readers attention to: http://www.snopes.com/inboxer/outrage/gipay.htm he substantive points from the page are: The article did appear on 12th January 2000 in the Washington Post (not Times) It was written by _a_ Cindy Williams who is a senior research fellow at the Massachusetts Institute of Technology and was once assistant director for national security in the Congressional Budget Office The full text of the article can be found here: http://web.mit.edu/ssp/db21/GIs.html
Toodle pip, Roy -- "... the fundamental design flaws are completely hidden by the superficial design flaws." Douglas Adams (1952-2001): So Long and Thanks For All The Fish.
I thought this entry from the Urban Legends Reference Pages might
Once again, sopes.com reveals the truth!
The Russian was arrested on the basis of the DMCA. But the utility for which the Russian was arrested was not for sale in America when he was arrested.
It is also highly debatable if the utility is a violation of the DMCA because it only is usable by persons who own the Ebooks it operates on, and you need to provide the password to use the utility. So it is a utility with a lot f non infringing uses (fair use anyone). A highly informative column about the issue is to be found here:
"In Russia, apparently, it's illegal to sell software without the ability to make "at least one backup copy of the data it works with." So? That's Russia. I'm in the U.S., land of the free and so on. What does it matter if a Russian company makes software that enables the purchaser but no one else to make a backup copy of data sold by foreigners who violate Russian law?
And Dan Spisak was there:
Was looking for more info on Dmitry Sklyarov and found this article from one of the local Las Vegas papers:
Geeze, looks like if you try to educate companies and people about flaws in their encryption methods you get to go to jail. This is double ridiculous as the encryption method Adobe's eBook is using is based off of rot13 encoding (read: your mail program could crack the encryption with a little help, but not much).
How can we expect to get peer review of future cryptological systems like AES when the DMCA allows a corporation using AES to persecute someone for showing how to break a protection mechanism (in the case the companies use of AES). It is entirely possible that I am wrong on this scenario since I am not a laywer but it is looking more and more like that will be the norm soon.
How do you get a secure encryption standard when there is a law on the books that will basically get you thrown in jail for up to 5 years and fined up to 500,000 for showing potential weaknesses in that standard? This makes no sense to me, it is madness.
There was more in the business section of the Wednesday Los Angeles Times.
And Roland says:
Media attention needed - boycott of Adobe justified, in my opinion.
Let us debate this. Is Adobe blameworthy for insisting that a bad law which favors Adobe -- or appears to favor Adobe -- be enforced? Is this the time and place to make this stand?
The Constitutional issues concern me greatly.
The Inquirer has a transcript of part of an interview with the head of Elcomsoft, who it turns out is ex-KGB. It also turns out that Elcomsoft did some work for the FBI. I guess our government agencies can only use lies and deceptions now.
On the Viet Nam issue:
I have been reading with some interest your email & replies regarding the effect the Vietnam war had on the fall of the Soviet Union.
My only comment is one of personal experience. In the summer of 1968 I was part of a small group of teenagers allowed to visit the soviet Union as part of a grand European Tour. After spending a week visiting sites from Leningrad to Moscow three images stood out in my mind.
1) Lavish "Intourist" hotels surrounded by hordes of street people willing to do or sell anything for blue jeans or ball-point pens. This was what I thought third-world countries would be like.
2) Viewing the Ostankino TV tower outside Moscow from a train, then the worlds tallest structure, listening to our Intourist guide proclaim the Soviet Unions superior technology, while at the base of the tower local farmers ploughed their fields using oxen.
3) In our Hotel Mokba in Moscow one evening we listened to a fusillade of gunshots outside followed by sirens and more shooting. The next morning we asked the hotel manager what had happened only to be told that "Nothing happened, we have no crime in the Soviet Union."
After a week in the "Peoples Paradise" I wrote my parents that all it would take to bring down communism would be to send bombers over the USSR to drop TV's, and blue-jeans.
The rot in the heart of the Soviet economy was there for anyone to see.
------------------------------------- "Consensus is the Absence of Leadership" ------------------------------------- Harold B. Combs Messaging Manager WorldCom Asia Pacific - Hong Kong
It was there to see but in fact neither the State Department nor the CIA saw it. I was in the USSR with Richard Pipes in 1989 (a World media Association meeting, with Pipes, Georgey Ann Geyer, Tom Bethell, de Borchgrave, and a number of other well known journalists) and we saw it; but the CIA was still insisting that the USSR was solvent, and that under 20% of GNP went to miitary matters.
In fact there were two USSR economies. One couldn't make shoes and was notorious for taking good raw materials and turning them into worthless junk. The other made the military equipment and send rockets behind the Moon before the US could do that. It was out of that second economy that all the materiel sent to Viet Nam came.
This letter is one of several:
My dear Doctor Pournelle, Please accept my thank you for your clarification of the Viet Nam war. I am an old Viet Nam boy, and to my shame I internalized to much of the Leftist lies. I lost my sweet boyish laughter over there, and cannot say how wonderful it is that I am persuaded that my, and my comrades in arms, effort was not in vain. Not in vain, more, crucial to Victory. I am not able to judge your analysis because I wish so much that it be true. Thank you again. If I can be of help to you, please let me know. Enjoyed your "Johny Christian" stories, and would walk to Sparta if I knew the way. Would love to see another Sparta story, especially of grown up politics. You have affected my life. Thank you again.
Most respectively, Paul
Had we given the USSR a free ride into Southeast Asia, there would still be a USSR and there would still be 20,000+ nuclear weapons aimed at the United States of America. Our young men and women would still be sitting in holes over Christmas hoping not to hear that klaxon and the dread words, EWO EWO Emergency War Orders, Emergency War Orders, I have a message in five parts, Tango, Xray...
On the Science Pr0ject:
I wanted to say that I really liked your sidebar on Byte. Can that be featured there somehow? It is rather hard to find.
Mr. Dobbins statement that ZoneAlarm and Tiny Firewall are minor league is quite true. On the other hand he is viewing this from the professional IT person viewpoint, or the professional hacker viewpoint of 'with sufficient skill I can crack into any firewall and network and system'.
However, my son chose these products specifically because the are freeware, his criteria being that the average user will not have the money for routers, firewalls, and other hardened products. The average user has just spent 1 to 2 thousand on a PC for Internet access, first of all most do not know there is a possibility of hacking, second they do not have the money or expertise to know what to get or do about it. Are we to say to them, "Do not get onto the internet for email, research, work, etc. without a costly router, more costly firewall, and professional equipment for protecting your PC?" Should we propose a cost that is similar to or higher than the PC they just purchased? This may be affordable for corporations but is not for the average home user.
Second, the home user does not have the expertise to use products that require steep learning curves, classes, large and involved manuals, or just much time to learn. So, simplicity was the second most important aspect my son wanted to incorporate. He thought the average user will not use a product or tool or will quit using it if it is not easy to use, setup, update, or secure. We cannot assume people have the time or patience to do this kind of "work". They are using the PC to do their hobbies, their jobs at home, their school work.
They also do not know to read forums such as Chaos Manor. We can help by pointing them to Chaos Manor and other forums.
Again, in the corporate environment we can afford to pay sys. admins. to do these things. Not at home.
We can help as Chaos Manor does by warning people, by helping them to get started with security of multiple levels: that built into the OS, that built into the applications (email, browsers, office suite, etc.), that built into a firewall program, that built into a virus scanner. Ought not some of these features be turned on by default in the OS, or in the applications? People cannot be expected to know such settings or tools even exist if there is no security tutorial in the OS or applications, or if it is not the default.
The multiple levels of protection only provide 'some' probably 'reasonable' protection from the lower levels of attack - as you said better than nothing. As regards a determined skillful hacker, which I think Mr. Dobbins had in mind, ah well... we can all imagine the outcome. No amount of security can stop all attacks. So how much of this burden do we propose should be placed on the average user, and not on the operating system or application manufacturer?
I find it incredible and sad that so many 'IT' and 'security' people discredit the average person or their intellect for using their PCs "naively" and not realizing or paying "enough" attention to the security aspects. When, in fact, it is the case that many average users have become dependent on the Internet and their PCs for their living, their communications, their medical information needs, etc. Their intellect is spent on other "more important things", such as finishing up work tasks from home, doing school assignments, doing research on whatever topic they normally are very creative with, or just keeping in contact with friends and relatives. Yet they only have enough knowledge about PCs to get email to work, and the web browser to work, and the printer.
We 'IT' people tend to forget that 90% of all people are users of computers, not programmers with a deeper understanding of how the CPU works, or how the Internet works. I have been in IT for more than 20 years and am still try to do the Industrial Engineering/ Operations Research thing of simplifying what is complex so that the average person can use it more efficiently. Which is what you do with the Chaos Manor website so well.
Taking the attitude that it is up to the end user to build in security is like asking him to build into his car the bumpers, air-bags, and seatbelts, all by himself. Should we force travelers to build in the safety features normally built into an airplane while waiting for their flight at the airport? We have left the average PC user hanging without proper forethought on the part of software and hardware designers about what could go wrong, or be broken into by malicious people.
Already many ISP email services are starting to scan email attachments for viruses. This central scanning was common in the corporate world several years ago. This was not inexpensive in the end user PC world until recently. So, we know that these kinds of threats are better handled at the central server level. Why do we insist that it is the "naive" end user that must have the security features and knowledge required for server level security products?
I worry that the government will get the idea that only through regulation will the security issues be alleviated, or made secure.
I do not want more government.
Oliver Richter firstname.lastname@example.org
July 19, 2001
From Roland Dobbins:
This is the most serious worm since RTM's original 'Internet Worm'; besides aggressively scanning to look for other vulnerable IIS servers, any organization denying and then logging http traffic on their routers and/or behind their firewalls may well see those devices get bogged down under the load of logging the thousands upon thousands of scans this worm performs in order to try and propagate itself.
The worm has now also started a DDoS attack against http://www.whitehouse.gov; network administrators may wish to either a) block outbound http traffic from their networks to http://www.whitehouse.gov and/or b) log traffic going to www.whitehouse.gov and then grovel through it in hopes of identifying any infected machines.
The fault for this situation lies with Microsoft for writing sloppy, insecured code, and with sysadmins worldwide who don't bother to install security fixes. The fix for this problem - http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-033.asp - has been available for over a month.
Note that this attack has absolutely nothing to do with packet spoofing, raw sockets, or Windows XP.
And now there's this from Sue Hume:
I went looking in the archives of the Washington Times (www.washtimes.com) for the alleged Cindy Williams (aka Laverne or Shirley) piece on military pay. I wanted to see what she had said that had elicited such a response. I failed to find anything by Ms. Williams the actress.
A google search, however, turned up the letter you published on two other sites:
And then, in a Northern Lights search, I discovered that Ms. Williams was not the Ms. Williams from Laverne and Shirley, but rather a fellow from a think tank.
"In a military town like Norfolk, I bet Cindy Williams' article has drawn a lot of flak from your readers," e-mailed one reader. He was referring to a Jan. 14 op-ed column, "Military pay is more than enough" by Ms. Williams, a senior research fellow at the Massachusetts Institute of Technology. (The Virginian-Pilot and the Ledger-Star, Norfolk, Va 1/23/2000)
A visit to the MIT (www.mit.edu) website revealed this:
Dr. Cindy Williams MIT Security Studies Program
You can see some of her work at:
Here's an article on transforming the military:
And at this hour I don't know what I think about all that...
FIRST, an additional note from Roland regarding last night's alert (If you have not read that go do so now):
Network administrators should be blocking 126.96.36.199
, which was the old IP for www.whitehouse.gov (White House IT types
wisely changed their DNS and blackholed the route to this hardcoded
NOW the OFFICIAL Red Alert:
Cisco Security Advisory: "Code Red" Worm Customer Impact
Revision 1.0 For public release 2001 July 20 12:00 UTC _________________________________________________________________
A malicious self replicating program known as the "Code Red" worm is targeted at systems running the Microsoft Internet Information Server (IIS). Several Cisco products are installed or provided on targeted systems. Additionally, the behavior of the worm can cause problems for other network devices.
The following Cisco products are vulnerable because they run affected versions of Microsoft IIS:
* Cisco CallManager * Cisco Unity Server * Cisco uOne * Cisco ICS7750
Other Cisco products may also be adversely affected by the "Code Red" worm. Please see the Affected Products section for further details.
The worm and its effects may be remedied by applying the Microsoft patch to affected servers, http://www.microsoft.com/technet/treeview/default.asp?url=/technet/ security/bulletin/MS01-033.asp.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-code-red-worm-pub.shtml .
The following Cisco products are directly vulnerable because they run affected versions of Microsoft IIS:
* Cisco CallManager * Cisco Unity Server * Cisco uOne * Cisco ICS7750 * Cisco Building Broadband Service Manager
Other Cisco products may be indirectly affected by the IIS vulnerability (this is not an exhaustive list):
* Cisco 600 series of DSL routers that have not been patched per the Cisco Security Advisory, http://www.cisco.com/warp/public/707/CBOS-multiple.shtml , will stop forwarding traffic when scanned by a system infected by the "Code Red" worm. The power must be cycled to restore normal service. * Cisco Network Management products are not directly affected but might be installed on a Microsoft platform running a vulnerable version of IIS.
The "Code Red" worm exploits a known vulnerability in Microsoft IIS by passing a specially crafted URI to the default HTTP service, port 80, on a susceptible system. The URI consists of binary instructions which cause the infected host to either begin scanning other random IP addresses and pass the infection on to any other vulnerable systems it finds, or launch a denial of service attack targeted at the IP address 188.8.131.52 which until very recently was assigned to www.whitehouse.gov. In both cases the worm replaces the web server's default web page with a defaced page at the time of initial infection.
The worm does not check for pre-existing infection, so that any given system may be executing as many copies of the worm as have scanned it, with a compounding effect on system and network demand.
As a side-effect, the URI used by the worm to infect other hosts causes Cisco 600 series DSL routers to stop forwarding traffic by triggering a previously-published vulnerability. Any 600 series routers scanned by the "Code Red" worm will not resume normal service until the power to the router has been cycled.
The nature of the "Code Red" worm's scan of random IP addresses and the resulting sharp increase in network traffic can noticeably affect Cisco Content Service Switches and Cisco routers running IOS, depending on the device and its configuration. Unusually high CPU utilization and memory starvation may occur.
The "Code Red" worm is causing widespread denial of service on the Internet and is compromising large numbers of vulnerable systems. Once infected, the management of a Cisco CallManager product is disabled or severely limited until the defaced web page is removed and the original management web page is restored.
Software Versions and Fixes
Microsoft has made a patch available for affected systems at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/ security/bulletin/MS01-033.asp .
Cisco is providing the same patch at http://www.cisco.com/cgi-bin/Software/Tablebuild/doftp.pl?ftpfile=c isco/voice/callmgr/win-IIS-SecurityUpdate-2.exe&swtype=FCS&code=&size= 246296 with documentation at http://www.cisco.com/cgi-bin/Software/Tablebuild/doftp.pl?ftpfile=c isco/voice/callmgr/win-IIS-SecurityUpdate-Readme-2.htm&swtype=FCS&code =&size=4541
Cisco Building Broadband Service Manager is documented separately at
Obtaining Fixed Software
Cisco is making available software patches and upgrades to remedy this vulnerability for all affected Cisco customers.
For most Cisco customers, upgrades are available through the Software Center on Cisco's Worldwide Web site at http://www.cisco.com/.
Customers without contracts can obtain the patch directly from Microsoft or by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows:
* (800) 553 2447 (toll-free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * E-mail: email@example.com
See http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml for additional TAC contact information, including instructions and e-mail addresses for use in various languages.
Give the URL of this notice as evidence of your entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC or directly from Microsoft. Please do not contact either "firstname.lastname@example.org" or "email@example.com" for software upgrades.
We recommend following the instructions in the Microsoft security bulletin for addressing the actual vulnerability.
Exploitation and Public Announcements
This issue is being exploited actively and has been discussed in numerous public announcements and messages. References include:
Status of This Notice: FINAL
This is a final notice. Although Cisco cannot guarantee the accuracy of all statements in this notice, all of the information has been checked to the best of our ability. Should there be a significant change in the facts, Cisco may update this notice.
This notice will be posted on Cisco's Worldwide Web site at http://www.cisco.com/warp/public/707/cisco-code-red-worm-pub.shtml In addition to Worldwide Web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients:
* firstname.lastname@example.org * email@example.com * firstname.lastname@example.org * email@example.com (includes CERT/CC) * firstname.lastname@example.org * email@example.com * firstname.lastname@example.org * email@example.com * comp.dcom.sys.cisco * Various internal Cisco mailing lists
Future updates of this notice, if any, will be placed on the Cisco Security Advisories page at http://www.cisco.com/go/psirt/, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the URL given above for any updates.
Revision 1.0 2001-Jul-20 Initial public release
Cisco Product Security Incident Procedures
Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's Worldwide Web site at http://www.cisco.com/warp/public/707/sec_incident_response.shtml . This includes instructions for press inquiries regarding Cisco security notices. _________________________________________________________________
This notice is Copyright 2001 by Cisco Systems, Inc. This notice may be redistributed freely after the release date given at the top of the text, provided that redistributed copies are complete and unmodified, including all date and version information. _________________________________________________________________
END OF OFFICIAL ANNOUNCEMENT.
And Now This:
Microsoft Bundles Worm with IIS
Redmond, WA - Microsoft announced that it bundled a worm with its latest version of Internet Information Server.
"We did it because it's beneficial to our users," said Bill Gates. "With the worm already bundled as part of the software, network administrators won't have to wonder if their system is infected. They will know. It's obvious with the number of servers already infected with worms and Trojan horses that this is something our users want. Otherwise, why would they be infected?"
The worm named Penfield Destroyer replicates itself and spreads to other IIS servers not already infected by the worm. On September 18th 2001 the servers will mount a coordinated attack on the Department of Justice website.
"I like the fact that I don't have to go out and install the upgrade myself. I was expecting one of those confusing Worm Wizard things that I always choose Typical on," said one network administrator who should remain anonymous. "The Microsoft rep told me that they would bill us when the worm installed itself. That's why I love working with Microsoft, innovation."
Servers installed with Linux will be safe from attack, which is by design according to Microsoft. "We're not going to infect our worm with the GPL virus. If our worm were to infect a Linux server then it would have to be given away for free to everyone, and then the dark curtain of Communism would surely blanket America," said a Microsoft engineer.
Security experts were unfazed by the whole affair. "If it's a Microsoft produced worm it won't work until the third version anyway. I'll get more worried then when Trojan Worm Virus 3.0 is released," said SecurityBreach.com's Lonnie Markow.
Confused hackers cracked the worm within 48 hours of its release and copies were available for download on warez sites. http://bbspot.com/News/2001/07/worm.html
I received this in my mail this morning. Humor, of course. Right? Right?
Certainly, no question about it...
Regarding Adobe pdf files,
Why even bother with encryption? I will just "encode" everything in ASCII say that it is private and if you access the data without my software/hardware or tell others what I have done I will have you arrested and flogged.
July 21, 2001
I am reading your web page, and sending this email, with a Handspring Visor Deluxe and a Handspring Modem. It works better than I expected.
The web browser I am using is Handspring Blazer, which I bought by web ($20), downloaded, and installed. It works via proxy: the proxy server pre-processes each web page, resampling all images so they fit on a Palm 160x160 screen. Since I don''t have color, images I see are in 2-bit greyscale. The preprocessed pages are easier to render for the relatively weak CPU in a Palm PDA, and they download more quickly and take less RAM.
This is tempting me to buy a Visor Prism -- 33 MHz CPU (twice as fast as what I have now) and 16-bit color. Would be fun for web pages!
Because the modem uses the Springboard slot, the cradle connector is free. I should be able to use my GoType keyboard with this! I''ll try it soon.
With a $30 cable I could use my cell phone to surf the web with Blazer. That has possibilities too.
No doubt about it, a laptop is better -- but I can drop Visor and modem into a coat pocket, which is pretty small and light. I can see myself using this on bicycle trips and such.
Anyone interested in a Handspring modem, get one *now* from www.amazon.com; they are only $40 and appear to be on closeout. Other modems, such as the Thinmodem, will still be available of course.
__________________________________________ This message was sent using Blazer, the new PDA browser from Handspring, Inc. For more information please visit http://www.handspring.com/blazer
Concerning the E-Mail conversation at http://interactive.wsj.com/articles/SB995586149849917777.htm about the sentence imposed on the man who threw the dog to death on a California highway:
Jerry Pournelle is wont to remind us about the Special Relationship between Dogs and Humans.
Once upon a time, very long ago, the Dogs and the Humans made a pact.
The Dogs would specialize in smell and teeth and keep watch over the common camp and help with the hunting.
That would leave the Humans free to develop brains and hands and tools and agriculture and so on, to safeguard the longer-term interests of the puppies and the human children.
The Dogs have not forgotten this Pact.
But I suppose we Humans are now so powerful that we can safely forget it.
Or maybe not.
Maybe not indeed.
In response the news from Microsoft yesterday that they will not include Java Virtual Machine (JVM) with Windows XP, Clay Shirky has written in an open letter to Dell, Compaq, Hewlett-Packard, Gateway, IBM, Toshiba, SONY, and all original equipment manufacturers of the Intel-compatible personal computing world: a plea to preserve diversity in the computing ecosystem by including JVM on every personal computer manufactured.
To see this open letter, and to add your voice to it, go to: http://www.oreilly.com/news/jvm_0701.html
Many US government forms are most available on-line from sites like uspto.gov only in PDF format. Some can be filled out with the Acrobat Reader and filed electronically to seek patent protection, for instance.
The government has been involved for a long time with Adobe in bringing this system through many revisions. At least one of the firms testing the process will not use it to submit.
So under a boycott, we would be denied the equal protection of speedy and timely access to government services, since we would have to depend on Adobe software to do it?
I don't know, but wonder, about security issues for sensitive client information submitted in PDF format. Of course it is not the ebook format that is the focus of the current issue. Is there negligence if information that is supposed to be secure is filed at the invitation of the government, by a means that is readily read by an espionage interceptor with a $100 program ?
Jerry; I see that you will be reviewing XP. Please take Microsoft to task over their validation scheme. You remember as well as I do the "bad old days of copy protection". If Microsoft persists in this, all of the other software vendors will do the same. The result will be chaos. What happened to the company who in the 80's helped prevent the spread of the copy protection craze by refusing to go along. Are we seeing a little of the monopolist here? Regards, Shaun
I recall indeed. And I am still collecting comments, although I pretty well know what I think now.
July 22, 2001
Following your advice to stick with Intel right now I just ordered a new desktop system from Dell, a 1.1Ghz Pentium 3 with 256MB SDRAM, Intel chipset, 60 gig ATA/100 IBM hard drive, 32MB Nvidia Geforce 2 MX video w/ TV out, Soundblaster Live! Value card, speakers, Intellimouse, keyboard, 12X/8X/32X CD-RW, Microsoft Works suite, Norton 2001 Anti-Virus, 56K modem, floppy, WinME, two year warranty, all for $1,223 plus shipping.
It seemed I could not build an equivalent system - apples to apples - for less. If some of your readers believe they can they need to add to the above a free Epson stylus C40UX printer and a WinXP upgrade deal - 20 bucks for a copy of XP home edition when it comes out - both of which Dell threw in.
In your situation, where hardware and OS evaluation units are thick on the ground, build probably works out much cheaper than buy. But I like the idea of being squeaky clean regarding licensing, and as I tend to give my old hardware fully configured to friends or needy institutions by the time I added the "dribs and drabs" like a keyboard and mouse, software, and an OS to the build-it-myself solution the numbers just didn't work out. Plus with Dell I have a one-point source for tech support and warranty assistance, should I need it.
This is not to tout one manufacturer over any other; Dell just offered the right options and pricing for me on this day. And when I get back to Florida in November I still plan on building a "super" gaming system using my existing Micron full tower case and power supply. I'll probably opt for an Asus or Abit MOBO, an AMD "Palomino" Athlon 4 CPU at 1.5 or 1.6 gig, 256MB of DDR SDRAM, a Geforce 3 video card, and a RAID pairing of fast drives - that should be a lot of fun, with the accent on performance, not cost. Though hopefully by then prices will have taken another dip...
It's stunning what a little over a grand will buy you in computing power these days, isn't it? Remember John Dvorak's "the computer you REALLY want is always about $5,000" of a few years ago? That dream system price has been cut at least in half, and the Dell system above for one quarter of it shouldn't be exactly a dog.
All the best,
I believe I could better your price a little at Fry's but it's true enough, I don't pay a lot of attention to pricing. I would have used the Intel D815EEAL motherboard and their sound drivers, which are quite as good as the Sound Blaster Live! in my judgment, and I can't think Microsoft Works is much value; it would not be to me. A decent keyboard is now under $25 and I see optical mice that seem to work as well as the Microsoft mice for under $20. I also see DVD drives for $39 complete with Power DVD software, and CD-RW drives for not much. Hard drives are under $3 a gigabyte for Maxtor and Seagate, both of which are reliable; be sure you don't have a Western Digital drive in that package, and if you do, I would strongly advise replacing it: every major disk failure I have had or have had reported to me in the past couple of years has been a WD drive. The ATA comes with the Intel D815EEAL, and works fine. I agree that the Geforce 3 is the right video card for a video processing system; given that is the intended use I would double the RAM.
All in all I think you will be happy enough, and you can yell at Dell if something goes wrong; for me I would still have build my own, possibly with a 1 ghz chip with the D815EEAl board and a 300 Watt superquiet PC Power and Cooling case/power supply.
Of course the quiet costs money and you can get them without that expense, and there are plenty of good cases and power supplies. I like PC Cool because it's one less thing to worry about; I am particularly suspicious of "smart" power supplies that turn the fan off until they think they ought to turn it on. The power savings are low and the risks are high.
I am told that Works now includes a version of Word, which would make it quite useful if that is Word 97 or later.
--- From a physician: