| Wednesday,
March 13, 2002 Begin with this
warning:
The Ghost In The Machine:
Did you know that Windows XP comes with speech
recognition turned on by default?
A lot of people didn't.
http://www.computeruser.com/news/02/03/12/news1.html
- Paul
Hi, Jerry!
You might alert your readers using Windows/OfficeXP
about this problem which I first saw on SlashDot.org then read about
further in the cited article here: http://www.computeruser.com/news/02/03/12/news1.html
In summary if speech recognition is on* in
Windows/Office XP one can have random text entered when in text entry mode
or have random commands invoked when in some programs. The speech
recognition/text services (SR/TS) will pick up the surrounding noise and
attempt to interpret it as best as it can. Turning off or disconnecting
the microphone was insufficient in some cases because some users have
reported that some problems persisted after doing so making it necessary
to disable SR/TS.
* There seems to be some dispute on whether or not
SR/TS is installed and turned on by default. Some on SlashDot wrote that
it was turned on by default when they installed Office XP themselves. One
also noted that SR/TS significantly degraded the throughput of his
computer and disabled SR/TS for that reason alone.
The Microsoft article on how to determine if SR/TS
is turned on and how to turn it off (along with a LOT of other info) can
be found here: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q306537
Another MS article on how IE 5.5/6.x might be
affected: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q315765
This one has instructions on how to disable SR/TS if
one has programs behaving randomly: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q313176
Thanks for keeping all of your readers so well
informed, and my apologies if I have repeated any information about which
you have already written.
Arthur Maruyama
I will say that I have had no trouble with this
at all.
Now for a fair amount of advice:
Hi Jerry,
I've enjoyed reading your columns for years and I
thought I would share some thoughts about firewalls.
Previously I've used a Linux system (2.0.36 kernel)
on a P90, 32 megs of RAM, and 2 SMC (Western Digital) 8013 (remember
those?) nics, as a firewall connected to my DSL line. It was configured
using NAT and such. This was a great system for a couple of years and it
hosted my name server, mail server, web site, and such. However, over
time, I found myself spending a lot of time keeping up with the latest
patches to libraries and executables due to all of the security
vulnerabilities. Because of that, I would NOT recommend a Linux box as a
firewall. Yes it can be done, but you have to spend too much time keeping
it up. I strongly suggest getting a good quality appliance type device. I
think they are intrinsically more secure, especially if there is no user
accessible OS for somebody to break into.
About a year ago I managed to pick up a SonicWall
Tele2 firewall appliance for about $375 and it has worked like a charm. It
has a simple straightforward web interface and works great with my DSL
line. Note, I do NOT work for SonicWall but have worked now at 3 different
companies where the SonicWalls have given us really good service. Anyway,
I still run my Linux box, (upgraded to kernel 2.2.15 with patches, AMD
K6-2 350Mhz, 192 meg of RAM, 3com 10/100 nic) as my name server, web
server, file server, and mail server. Although it is still a vulnerable
point into my network, the risk is significantly mitigated by the separate
firewall.
Finally, for years I have thought about running a
dual CPU system. My rationale is cost/performance. I can buy a previous
generation (P3 based) motherboard for approx. $50, get some discarded P3s,
inexpensive SDRAM (256meg), and older hard disks, and have a pretty good
system for little money. I've managed to create a reasonably cheap dual
cpu W2K system for approximately $250.00. I suggest you hold out for a
dual P4 motherboard before you build your 2.2 Ghz system. Once it becomes
too slow, you just add another CPU and tweak your OS. With Win2k it was a
breeze to convert from 1 cpu to a dual CPU setup. Not quite double the
performance but good enough. Another nice point about a dual CPU box, is
that it throttles some processes and keeps them from completely soaking up
all available CPU.
Anyway, keep writing the columns. By the way, any
plans to bring Prince Lysander back in any of your books? I really liked
the books with him in it.
Take care, Pete Sole' pete@lighthousenet.com
In general, routers will do a better job of
routing than a general purpose computer. It's a question of what else you
want the system to do. For me, the best security goes through a router to
a Linux box that does other tests and spam elimination, but I am sure
there are other ways to accomplish the same things.
Lysander will be back. It's a question of
scheduling.
March 11, 2002 Column 258 You wrote--
"I haven't used one with DSL because I don't
have DSL, but I have reports that the LinkSys and DLink routers work
well"
I have an SMC with dynamic IP on DSL -- works great
My brother has DLink with dynamic IP on cable modem -- works great My
cousin has DLink with dynamic IP on DSL -- works great My friend has
Linksys with static IP on DSL sometimes running VPN -- works great Another
cousin has Linksys with static IP on DSL sometimes running VPN -- works
great
Each of us has been running this from 1-3 years with
no problems for any of us, well, except for occasionally forgetting what
we changed the password to. And all three brands make it very easy to
change the password initially. So in my experience, firewall/routers look
like generic products. One less thing to worry about.
Reed McCullough
Thanks.
And from Joel Rosenberg, a report from, the Linux
front:
After a week of playing with Applixware -- now
called AnyWhere -- I've gone back to OpenOffice.org's new release, which
fixed the bugs that annoyed me with the previous version, and which seems
to get better and better with each release. AnyWhere had some serious
trouble exporting to rtf files that anything but Word could read, although
it did have some nice features.
Still having occasional trouble reading .pdf files
generated by Microsoft products (hmm....), and found a site created by
FrontPage that's utterly unreadable by any of the graphical browsers on my
system.
Still, I'm glad I made the move, particularly given
the latest exploit. My friend David Dyer-Bennet (ddb@dd-b.net) -- who
hosts ellegon.com, among many other things -- got hit by very clever, Red
Hat tailored exploit, and still hasn't quite managed to scrub it all out
of his system. (If you should email me something and don't get a response,
please try another email address: joelr@metzada.com, joelr@slovotskys-laws.com,
joelr@winternet.com all work).
In bad news, Mandrakesoft appears to be reduced to
begging its users for money in order to avoid further staff cuts. Hence
the following response to their latest begging email.
[Response, which basically says 'I sympathize, lots
of luck' omitted.]
Joel
I do wish them well.
The following is excerpted from a letter, and is
part of an article:
This from the Register UK daily blab.Best jer
Win-XP kills Verizon DSL
By Thomas C Greene in Washington
[Intro omitted.]
He kept me on hold a great deal of the time while he
repeatedly consulted one of the network technicians, whose input in turn
led to progressively better questions, and eventually, to the prize -- the
conclusion that something was off somewhere upstream of my modem.
After forty minutes or so the third level-one techie
passed me off to the network technician. Finally, I was speaking with
someone who knew more than I did. It was 4:15 pm.
The problem, he explained, was that the Verizon
router had locked me out permanently, so I'd have to be associated with a
different one. He switched me over, and that was that.
The cause of this problem, however, originates in
Windows-XP. As anyone who uses PPPoE (Point-to-Point Protocol over
Ethernet) with ADSL will tell you, the MTU (Maximum Transmission Unit) has
to be set to 1492 or less. On Win-XP, it's set by default to 1500, which
causes your machine to irritate a naturally anti-social router, which may
then shut you out.
Microsoft is clearly aware of the problem, as this
bulletin shows; but XP nevertheless persists in setting up PPPoE with an
MTU of 1500. The bulletin offers a registry hack for PPPoE users; but
there is no patch, and there is no longer a GUI network-setting dialog
which enables the user to change MTU conveniently.
Win-9x requires the use of third-party PPPoE
software, and this (should) automatically set MaxMTU correctly. The
problem is peculiar to XP, which insists on setting up PPPoE on its own,
and gets it wrong. Linux is also not affected, as the Roaring Penguin RP-PPPoE
package handles MTU properly as well.
There's more on this; it's a problem to be aware
of. I will have more on this another time.
I have sent this to Microsoft
XP technical people and they expect to send me a response shortly:
March 12
Dear Jerry:
I should be working on my taxes but this seems very
important - you may have already covered it in one of your security posts
but if so I missed it.
By "Microsoft's Insecurity" I don't mean
that Bill Gates is afraid of the dark or questions his manhood (he may -
how would I know?) but rather that the version of Internet Connection
Firewall (ICF) included with Windows XP has a serious flaw which renders
it worse than useless, at least using Earthlink through a dial-up
connection. I've had the exact same results on two different computers,
one a desktop and the other a laptop.
What happens is this: either during the initial
setup of Earthlink as a network connection via the Network Connection
Wizard or later as an explicit modification the user attempts to activate
XP's Internet Connection Firewall. All seems to go well. If the user is
on-line with the target connection active at the time he/she will be
advised that not all features can be implemented until sign-off and a
fresh log-on. Reviewing the status of that active connection will show
that the check box for Enable Internet Connection Firewall IS checked, and
the user would naturally think the protection is in place. Running the
tests on Steve Gibson's site right then, with the active connection
unbroken since enabling the firewall, will show that the machine is indeed
in full "stealth" mode, and naturally most people would now
assume the issue has been successfully addressed.
WRONG! A fresh log-on (via Earthlink using their
dialer at least - I have no way to test other ISP connections and/or
associated software) DISABLES the firewall, and the machine is completely
open to probes and hacks!
I've spent hours testing this scenario, and the
result is always the same: while I can enable the Internet Connection
Firewall and have it work ONCE, as soon as I log off the network and back
on again the protection disappears, and the "enable Internet
Connection Firewall" box reverts to being unchecked.
Frankly I don't know what's happening here, but it
is happening on two separate machines that have never been on a network
together. It's possible that I have been hacked myself and some malicious
code is deactivating my ICF every new log on. It's possible that Earthlink
somehow is disabling the ICF. And, worse case, it's possible that this is
a flaw in XP and lots and lots of people out there THINK they are
protected, have even tested their connection under the circumstances above
and proven to themselves that they ARE protected, never realizing that
once they log off that active connection session their protection
vanishes.
My own response has been to buy a stand-alone
software firewall - in my case the new version 3 of Zone Alarm (which also
blocks those terribly annoying pop-up ads - a wonderful bonus!). Whatever
is stripping the protection from XP's ICF has no effect on Zone Alarm, and
my machines now test fully "stealthy" on Gibson's "Shields
Up" site at all times. Many thanks to Steve and his site, by the way
- without it I might have stayed naked and exposed. As it is I have no
idea if hackers have made it into my main system in the past few months
while I thought it was being well protected by XP's ICF; the laptop
involved is brand new (more on that later) and was protected by Zone Alarm
within hours of being put into service, so I'm not so worried.
I hope you can forward this to relevant parties at
Microsoft and/or Earthlink and/or elsewhere for further testing. The only
thing worse than having no firewall at all is having one you think is
working when in fact it isn't!
All the best--
Tim Loeb
It is clearly something I can't test myself. I
have told Microsoft.
On The Subject That Will Not Die, something to be
aware of:
I have had nothing but via chipsets, and overall
they are fine. I am reasonably competent, so I build my computers on a
very limited budget. I still compute with a k6-2 450, but I have built
other , more powerful systems for friends. I know I need to upgrade, but I
just do not have the money. However, I was able to afford a low end Nvidia
Geforce 2 Mx 400 64 meg video card. I had numerous issues with it and
finally discovered after many hours of searching that it was the via
chipset, and there was a third party patch for it. Once patched, my
problems went away! The issue had to do with the Via chipset not queuing
data requests properly on the PCI buss.
I like to think that since I have been fiddling and
tweaking computers since the days of CP/M, I have more than the average
amount of knowledge about computers. I was lucky. I do know a little bit
and I was very persistent. I am certain that others with less knowledge or
persistince might have just taken the card back. I know I almost went back
to my voodoo 2000 PCI.
Larry Greene
There are other such stories. You can certainly
get those things working. You may have some work to do.
And from Ed Hume:
We have my accountant to thank for this:
An unemployed man went to apply for a job with
Microsoft as a janitor. The manager there arranges for him to take an
aptitude test. After the test, the manager said, "You will be
employed as a janitor at minimum wage, $5.15 an hour. Let me have your
e-mail address, so that I can send you a form to complete and tell you
where to report for work on your first day.
Taken aback, the man protests that he has neither a
computer nor an e-mail address. To this the MS manager replies,
"Well, then, that means that you virtually don't exist and can
therefore hardly expect to be employed by Microsoft. Stunned, the man
leaves. Not knowing where to turn and having only $10.00 in his wallet, he
buys a 25 lb flat of tomatoes at the supermarket in less than two hours,
he sells all the tomatoes individually at 100% profit. Repeating the
process several times more that day, he ends up with almost $100.00 before
going to sleep that night. Thus it dawns on him that he could quite easily
make a living selling tomatoes.
Getting up early every day and going to bed late, he
multiplies his profits quickly. After a short time he acquires a cart to
transport several dozen boxes of tomatoes, only to have to trade it in
again so that he can buy a pickup truck to support his expanding business.
By the end of the second year, he is the owner of a fleet of pickup trucks
and manages a staff of a hundred former unemployed people, all selling
tomatoes.
Planning for the future of his wife and children, he
decides to buy some life insurance. Consulting with an insurance adviser,
he picks an insurance plan to fit his new circumstances. At the end of the
telephone conversation, the adviser asks him for his e-mail address in
order to send the final documents electronically.
When the man replies that he has no e-mail, the
adviser is stunned. "What, you don't have e-mail? How on earth have
you managed to amass such wealth without the Internet, e-mail and
e-commerce? Just imagine where you would be now, if you had been connected
to the Internet from the very start!"
"Well," replied the tomato millionaire,
"I would be a janitor at Microsoft!"
By definition, a fable must have a moral. This one
has four:
1. The Internet, e-mail and e-commerce do not need
to rule your life.
2. If you don't have e-mail, but work hard, you can
still become a millionaire.
3. Since you got this story via e-mail, you're
probably closer to becoming a janitor than you are to becoming a
millionaire.
4. If you do have a computer and e-mail, you have
already been taken to the cleaners by Microsoft
Have A Great Day
For the humor impaired, note that the above IS A FABLE, and
see below.
And on unemployment:
Dear Dr. Pournelle;
Concerning your comments about sudden unemployment
in your View of Tuesday, March 12. It sometimes doesn't matter your level
of education or social standing: you can be a 45-year-old textile worker
or a 45-year-old IT professional and still get caught in the gears of
government. And, in some cases, the Republic can cause more grief than it
offers in assistance. The case is point is a friend who has been in the IT
industry for 17 years. Due to a messy divorce and altruistic feels for his
ex, he was saddled with a massive credit-card debt and a large, monthly
child support debt. As long as he was working, he managed to balance his
bills.
During the run-up to the recession, he was laid off.
One of the scary events that followed was that he wasn't making enough on
unemployment to pay his child support and live. The court instigated a
seizure of his unemployment benefits: they took half of the benefits and
he would fall into arrears for the balance until he could get the
settlement changed. That's when the credit card collection agencies began
calling.
The final humiliation came when, out of desperation
to find *any* work, he applied for an SAP implementation data entry job.
He'd helped two national firms implement SAP, but found out his clerical
skills weren't good enough to get him a job keying in figures on
spreadsheets.
Granted, much of his trouble comes from decisions on
his part, but instead of benign neglect on the part of society, it seems
like it's actually trying to drive him into bankruptcy. It is a cautionary
tale: many people are just one paycheck away from disaster.
-- Pete
Precisely. Aristotle said that the best republic
is one ruled by the middle class, and the middle class is those who possess
the goods of fortune in moderation.
Under that definition there are not many middle
class in this country, because they do not OWN the means of making a
living, and have no rights in their jobs, nor are their skills readily
marketable (Socrates had a profession as a tradesman as well as as a
teacher). One does not have to be a Marxist to understand that this can be
a problem in preserving a republic.
Indeed the ancients would have said the US is far
too large to be a republic and will inevitably be an empire. Our attempts
to make the important stuff locally decided kept us out of the logic of
empire, but we inevitably centralize now.
:
TOP
|
CLICK HERE for
a Special Request. 
