CHAOS MANOR MAIL
Mail 196 March 11 - 17, 2002
IF YOU SEND MAIL it may be published; if you want it private SAY SO AT THE TOP of the mail. I try to respect confidences, but there is only me, and this is Chaos Manor. If you want a mail address other than the one from which you sent the mail to appear, PUT THAT AT THE END OF THE LETTER as a signature. In general, put the name you want at the end of the letter: if you put no address there none will be posted, but I do want some kind of name, or explicitly to say (name withheld).
Note that if you don't put a name in the bottom of the letter I have to get one from the header. This takes time I don't have, and may end up with a name and address you didn't want on the letter. Do us both a favor: sign your letters to me with the name and address (or no address) as you want them posted.
I try to answer mail, but mostly I can't get to all of it. I read it all, although not always the instant it comes in. I do have books to write too... I am reminded of H. P. Lovecraft who slowly starved to death while answering fan mail.
March 11, 2002
Roland sends this with the subject Causus Belli
It is also a good reason to question what our intelligence system was doing after 1992.
We don't leave anyone behind. Baghdad by July 4.
Following in reference to last week's mail...
Some time ago, I read a list of commonly-available materials that could be made into effective silencers. Some of these are materials that the vast majority of the population routinely purchases on a regular basis.
However, given the current climate, maybe I'd best remain silent.
But we were born free. I wouldn't dare post your list if you sent it. I deliberately didn't give details in Lucifer's Hammer on how some of the weapons were made, but that was social responsibility not because I was afraid of The Awful Majesty of The Law in the person of the BATF. It was also before Waco.
And here's news Roland found:
AOL switches to Linux
Which is really interesting.. Alas it will be a while...
A disturbing trend:
Here's a very interesting article about book contracts and how they've gone from bad to horrible.
My agent deals with such things. I would hate to be breaking into this business now. Neither authors nor author associations have much clout now. There are a few gentlemen left in publishing, some of them in science fiction. But the business has changed a lot since the conglomerates got in the act.
However I didn't read the whole thing, and I see that in SFWA there's already a discussion. This is what one well known author had to say:
There's a mix of decent info and bad info in that article. And the tone, I think, is pretty naive.
A lot of the stuff he talks about is not new. I signed publishing contracts back in 1980 that didn't require Doubleday to publish, rather gave them the right to publish. That's nothing new. He writes as if this is a new deal.
And talking about a 50/50 sub-rights split paperback is also nothing new, but what it is today is rare. Because unless you're selling to a hardcover only publisher (and how many of those are there around these days?) you're probably signing a hard/soft deal and you get 100% of the paperback royalties.
I could debate it point by point, but the fact is, as long as a boilerplate is negotiable, it's not restraint of trade, especially since the publishers aren't in collusion over terms (they do steal ideas from each other's contracts all the time), and you're free to go elsewhere to do business.
What it reflects is nothing new: when it comes to authors, it's a buyer's market, unless you're a best seller, in which case it's a seller's market.
Since I have not negotiated a contract in 20 years, I am the wrong person to comment on most of this. But I have one of the best agents in the business.
The very best book about Outlook: Outlook in a Nutshell by Tom Syroid and Bo Leuf (O'Reilly) I consider absolutely essential. Unlike most books that are a thinly (thickly?) disguised rewrite of what you can glean from the online help, it relates clearly all those things that we find so frustratingly difficult to ascertain elsewhere. Actually, I consider it the best written and most useful computer book I ever read, or purchased.
Jonathan Sturm www.sturmsoft.com
Well I quite agree that it is a very useful book. The one I have is Outlook 2000 In A Nutshell; is there a later? I recommended it when it first came out.
Roland's cookie for today:
One of your most ancient writers, a historian named Herodotus, tells of a thief who was to be executed. As he was taken away he made a bargain with the king: in one year he would teach the king's favorite horse to sing hymns. The other prisoners watched the thief singing to the horse and laughed. "You will not succeed," they told him. "No one can."
To which the thief replied, "I have a year, and who knows what might happen in that time. The king might die. The horse might die. I might die. And perhaps the horse will learn to sing."
-- "The Mote in God's Eye", Niven and Pournelle
a rare thing.
Then take a look at this
and tell me what you think...
Let these stand for several:
I'm one of those people that wrote you a nasty email last week. I wish to apologize for that. Your current article does make where you stand very clear. I think that you are right about VIA chipsets. I've had several and they run fine until you put in that video capture card, FireWire adapter, Webcam, USB Smartmedia reader, etc. Then you have to do the hunt down the VIA 4in1 drivers and diddle things to get them stable. They can always be made stable but after a lot of fiddling. I've recently switched my Athlon systems over to the SiS 735 chipset and it is rock solid so far. My old VIA machine would not run an old ATI Rage Fury that I had. I always assumed that the problem was with the Video Card. But when I put it into the SiS system it worked with every one of the versions of drivers that I had for the ATI Video Card.
Keep up the good work.
Cheers, Mike Roberts
Hello Mr. Pournelle I have read your most recent article on byte.com, and I have to agree. I have used almost every possible configuration of AMD athlon + VIA, AMD & SiS chipsets, and the stability, even if quite good at times, is hardly rock-solid. The best among those, as odd as it may sound, are the SiS chipsets, I recommend you to try one of those boards, you may be pleasantly surprised. Regarding the problems with big raw transfers through the AGP on VIA chipsets, I have experienced those too, with video-output. The only solution I have found (which I can't guarantee, as the crashes usually happened only every 2-3 days), was to set the "AGP waitstate" to 1.
keep up the good work
Oren J. Maurice
I don't say much about SiS chipsets largely because I haven't any familiarity with this set: I have not in the past had a warm feeling about SiS, but it may well be that they have turned a corner and I missed it. Thompson agrees their AMD support chips are pretty good.
Then there are these:
Wow your ignorance succeeds you stupidity. I have never read such B.S. Thanks for the laugh.
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.
Troy Skirchak [email@example.com]
The address would make him a Frank Herbert fan. Frank was an old friend and I miss him. And I can't resist this one:
After reading the first paragraph of your March 11 Article "The Chip on Their Shoulders", now I really wonder! How in the world did you get your hands on a K6-2 back when George Bush Sr. was the President when the rest of us couldn't buy them until Bill Clinton was into his second term?
Also, just another minor correction in your first paragraph, the AMD enthusiasts would have "flamed" you not "spammed" you as spam is annoying email from one to many and you received annoying email from many to one! That should help bring you a little closer to date with the internet lingo!!
This was in fact after I had already sent him a reply to a previous letter informed about as well as I expected.
Indeed, the system I sent to the Gulf in 1992 wasn't and couldn't have been a K6-2 which didn't exist then, and I forget just what system it was. It was a later deployment on a different ship that carried the K6-2. The machine exists but is spare parts now because the hard drive was destroyed for security reasons.
As to spam, spam I said, spam I mean: I was "opted in" to a bunch of lists by AMD enthusiasts. It's easy enough to filter the stuff, but it's an insight into the maturity of these people. As is the notion that I need to be told what spam is.
I won't bother with the rest. Most of the mail on this subject is now in agreement, and in any event we have said all we wanted to. But I do find this amusing. And I find that AMD enthusiasts clearly have limited lives if the worst thing they have ever seen is one of my columns.
And this just in:
A shame that a legend had to go this way.
THE posthumously published autobiography of science fiction master Isaac Asimov reveals that the "I, Robot" author died of AIDS. Due out later this month, "It's Been a Good Life" - which Asimov's wife, Janet, compiled from her late husband's notes and essays - details how he contracted AIDS through a tainted blood transfusion while undergoing bypass surgery in 1983. He finally succumbed to the disease in 1992, at age 72.
Thanks. I knew Isaac, but like most writer friendships I knew him fairly intensely over brief periods, mostly at conventions. We corresponded briefly. He liked postcards, largely I think to limit how much he would write to his friends and correspondents. I had no clue as to AIDS. He never told his friends. I liked Janet a lot and we corresponded a few times since Isaac died.
Isaac read the psalm at John W. Campbell, Jr.'s funeral although Isaac was neither Christian nor a believer. Nor I suspect was Campbell but his wife was. I didn't get to Isaac's service. He could be dead wrong, pigheadedly wrong, but he was always pleasant to be with, and if he thought you were nuts he never said it that way. Rational argument was his strong suit...
He also had an excellent tenor voice which he used to sing questionable songs like The Highland Tinker, no single line of which I could possibly post. This would be at private and closed parties where nearly everyone was drunk although Isaac drank only in moderation if at all. A good man. I miss arguing with him.
This from Bob Thompson, although I have previously warned you and even sent a mail warning last week to my subscribers.
A fake email security alert is making the rounds. It supposedly comes from Microsoft, and has an executable program attached. This Trojan was announced in the trade news a couple days ago, but I have received three copies of this bogus message so far this morning, so apparently things are heating up.
DO NOT RUN THE EXECUTABLE.
Microsoft never, under any circumstances, sends out updates via email. This message has forged headers, and does not come from Microsoft Corporation. Running the attachment infects your system. Note that I have Norton Antivirus with virus sigs updated as of 0300 this morning, and it did not flag the message. I'm attaching the text of the message below. The message appears to come from "Microsoft Corporation Security Center" and the subject line reads "Internet Security Update".
***** THE FOLLOWING IS BOGUS **********
this is the latest version of security update, the
known security vulnerabilities affecting Internet Explorer and MS Outlook/Express as well as six new vulnerabilities, and is discussed in Microsoft Security Bulletin MS02-005. Install now to protect your computer from these vulnerabilities, the most serious of which could allow an attacker to run code on your computer.
Description of several well-know vulnerabilities:
- "Incorrect MIME Header Can Cause IE to Execute E-mail Attachment" vulnerability. If a malicious user sends an affected HTML e-mail or hosts an affected e-mail on a Web site, and a user opens the e-mail or visits the Web site, Internet Explorer automatically runs the executable on the user's computer.
- A vulnerability that could allow an unauthorized user to learn the location of cached content on your computer. This could enable the unauthorized user to launch compiled HTML Help (.chm) files that contain shortcuts to executables, thereby enabling the unauthorized user to run the executables on your computer.
- A new variant of the "Frame Domain Verification" vulnerability could enable a malicious Web site operator to open two browser windows, one in the Web site's domain and the other on your local file system, and to pass information from your computer to the Web site.
- CLSID extension vulnerability. Attachments which end with a CLSID file extension do not show the actual full extension of the file when saved and viewed with Windows Explorer. This allows dangerous file types to look as though they are simple, harmless files - such as JPG or WAV files - that do not need to be blocked.
System requirements: Versions of Windows no earlier than Windows 95.
This update applies to: Versions of Internet Explorer no earlier than 4.01 Versions of MS Outlook no earlier than 8.00 Versions of MS Outlook Express no earlier than 4.01
How to install Run attached file q216309.exe
How to use You don't need to do anything after installing this item.
For more information about these issues, read Microsoft Security Bulletin MS02-005, or visit link below.
Thank you for using Microsoft products.
With friendly greetings, MS Internet Security Center. ---------------------------------------- ---------------------------------------- Microsoft is registered trademark of Microsoft Corporation. Windows and Outlook are trademarks of Microsoft Corporation.
Note that Microsoft will NEVER send you mail with attachments, and you must NEVER open unexpected mail attachments even if they come from someone you know. Opening strange mail attachments is the most common way of being infected by a virus, Trojan, or Worm.
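A mail-gateway style check for the traits described in the warning above, as an added example that is not part of the original letter or of any vendor's tooling: it quarantines mail carrying an executable or CLSID-disguised attachment, and never lets the sender clear a message, because the headers are forged. The three messages are constructed samples; the addresses, the CLSID value and the function names are assumptions.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# File types Windows will run or pass to a script/help host.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd",
                   ".vbs", ".js", ".chm", ".lnk"}
# A trailing ".{CLSID}" hides the real type in Windows Explorer
# (the "CLSID extension" issue the bogus text itself lists).
CLSID_SUFFIX = re.compile(r"\.\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$")
# Assumption: brand names whose "updates" never arrive as attachments.
VENDOR_WORDS = ("microsoft",)


def filename_findings(filename):
    """Return tags for an attachment name that should not be delivered."""
    # Windows ignores trailing dots and spaces, so drop them first.
    name = filename.strip().lower().rstrip(". ")
    if CLSID_SUFFIX.search(name):
        return ["clsid-suffix"]
    dot = name.rfind(".")
    if dot != -1 and name[dot:] in EXECUTABLE_EXTS:
        return ["executable-extension"]
    return []


def triage(raw):
    """Parse one raw message; return (verdict, findings)."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    attachment_count = 0
    for part in msg.iter_attachments():
        attachment_count += 1
        filename = part.get_filename() or ""
        findings += [f"{tag}:{filename}" for tag in filename_findings(filename)]
    # The From header can be forged, so it only ever ADDS a finding:
    # a vendor display name plus any attachment is itself suspicious.
    sender = msg["From"]
    display = " ".join(a.display_name for a in sender.addresses).lower() if sender else ""
    if attachment_count and any(word in display for word in VENDOR_WORDS):
        findings.append("vendor-name-with-attachment")
    return ("quarantine" if findings else "deliver"), findings


def build_sample(sender, subject, body, filename):
    """Build a constructed test message with one placeholder attachment."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "reader@example.invalid"
    msg["Subject"] = subject
    msg.set_content(body)
    msg.add_attachment(b"constructed placeholder bytes, not a program",
                       maintype="application", subtype="octet-stream",
                       filename=filename)
    return msg.as_bytes()


# Constructed samples (sender addresses are placeholders).
BOGUS_UPDATE = build_sample(
    '"Microsoft Corporation Security Center" <update@example.invalid>',
    "Internet Security Update",
    "How to install: Run attached file q216309.exe",
    "q216309.exe")
CLSID_DISGUISE = build_sample(
    '"A Friend" <friend@example.invalid>', "Holiday picture",
    "See attached.",
    "holiday.jpg.{11111111-2222-3333-4444-555555555555}")
ORDINARY_MAIL = build_sample(
    '"Bob" <bob@example.invalid>', "Notes", "Notes attached.", "notes.txt")

if __name__ == "__main__":
    for label, raw in (("bogus update", BOGUS_UPDATE),
                       ("clsid disguise", CLSID_DISGUISE),
                       ("ordinary mail", ORDINARY_MAIL)):
        print(label, triage(raw))
```

The antivirus in the letter missed the message because its signatures did not yet know the payload; a rule keyed on attachment type does not depend on signatures at all.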
March 13, 2002
Begin with this warning:
The Ghost In The Machine:
Did you know that Windows XP comes with speech recognition turned on by default?
A lot of people didn't.
You might alert your readers using Windows/OfficeXP about this problem which I first saw on SlashDot.org then read about further in the cited article here: http://www.computeruser.com/news/02/03/12/news1.html
In summary if speech recognition is on* in Windows/Office XP one can have random text entered when in text entry mode or have random commands invoked when in some programs. The speech recognition/text services (SR/TS) will pick up the surrounding noise and attempt to interpret it as best as it can. Turning off or disconnecting the microphone was insufficient in some cases because some users have reported that some problems persisted after doing so making it necessary to disable SR/TS.
* There seems to be some dispute on whether or not SR/TS is installed and turned on by default. Some on SlashDot wrote that it was turned on by default when they installed Office XP themselves. One also noted that SR/TS significantly degraded the throughput of his computer and disabled SR/TS for that reason alone.
The Microsoft article on how to determine if SR/TS is turned on and how to turn it off (along with a LOT of other info) can be found here: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q306537
Another MS article on how IE 5.5/6.x might be affected: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q315765
This one has instructions on how to disable SR/TS if one has programs behaving randomly: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q313176
Thanks for keeping all of your readers so well informed, and my apologies if I have repeated any information about which you have already written.
I will say that I have had no trouble with this at all.
Now for a fair amount of advice:
I've enjoyed reading your columns for years and I thought I would share some thoughts about firewalls.
Previously I've used a Linux system (2.0.36 kernel) on a P90, 32 megs of RAM, and 2 SMC (Western Digital) 8013 (remember those?) nics, as a firewall connected to my DSL line. It was configured using NAT and such. This was a great system for a couple of years and it hosted my name server, mail server, web site, and such. However, over time, I found myself spending a lot of time keeping up with the latest patches to libraries and executables due to all of the security vulnerabilities. Because of that, I would NOT recommend a Linux box as a firewall. Yes it can be done, but you have to spend too much time keeping it up. I strongly suggest getting a good quality appliance type device. I think they are intrinsically more secure, especially if there is no user accessible OS for somebody to break into.
About a year ago I managed to pick up a SonicWall Tele2 firewall appliance for about $375 and it has worked like a charm. It has a simple straightforward web interface and works great with my DSL line. Note, I do NOT work for SonicWall but have worked now at 3 different companies where the SonicWalls have given us really good service. Anyway, I still run my Linux box, (upgraded to kernel 2.2.15 with patches, AMD K6-2 350Mhz, 192 meg of RAM, 3com 10/100 nic) as my name server, web server, file server, and mail server. Although it is still a vulnerable point into my network, the risk is significantly mitigated by the separate firewall.
Finally, for years I have thought about running a dual CPU system. My rationale is cost/performance. I can buy a previous generation (P3 based) motherboard for approx. $50, get some discarded P3s, inexpensive SDRAM (256meg), and older hard disks, and have a pretty good system for little money. I've managed to create a reasonably cheap dual cpu W2K system for approximately $250.00. I suggest you hold out for a dual P4 motherboard before you build your 2.2 Ghz system. Once it becomes too slow, you just add another CPU and tweak your OS. With Win2k it was a breeze to convert from 1 cpu to a dual CPU setup. Not quite double the performance but good enough. Another nice point about a dual CPU box, is that it throttles some processes and keeps them from completely soaking up all available CPU.
Anyway, keep writing the columns. By the way, any plans to bring Prince Lysander back in any of your books? I really liked the books with him in it.
Take care, Pete Sole' firstname.lastname@example.org
In general, routers will do a better job of routing than a general purpose computer. It's a question of what else you want the system to do. For me, the best security goes through a router to a Linux box that does other tests and spam elimination, but I am sure there are other ways to accomplish the same things.
Lysander will be back. It's a question of scheduling.
March 11, 2002 Column 258 You wrote--
"I haven't used one with DSL because I don't have DSL, but I have reports that the LinkSys and DLink routers work well"
I have an SMC with dynamic IP on DSL -- works great
My brother has DLink with dynamic IP on cable modem -- works great
My cousin has DLink with dynamic IP on DSL -- works great
My friend has Linksys with static IP on DSL sometimes running VPN -- works great
Another cousin has Linksys with static IP on DSL sometimes running VPN -- works great
Each of us has been running this from 1-3 years with no problems for any of us, well, except for occasionally forgetting what we changed the password to. And all three brands make it very easy to change the password initially. So in my experience, firewall/routers look like generic products. One less thing to worry about.
And from Joel Rosenberg, a report from the Linux front:
After a week of playing with Applixware -- now called AnyWhere -- I've gone back to OpenOffice.org's new release, which fixed the bugs that annoyed me with the previous version, and which seems to get better and better with each release. AnyWhere had some serious trouble exporting to rtf files that anything but Word could read, although it did have some nice features.
Still having occasional trouble reading .pdf files generated by Microsoft products (hmm....), and found a site created by FrontPage that's utterly unreadable by any of the graphical browsers on my system.
Still, I'm glad I made the move, particularly given the latest exploit. My friend David Dyer-Bennet (email@example.com) -- who hosts ellegon.com, among many other things -- got hit by a very clever, Red Hat tailored exploit, and still hasn't quite managed to scrub it all out of his system. (If you should email me something and don't get a response, please try another email address: firstname.lastname@example.org, email@example.com, firstname.lastname@example.org all work).
In bad news, Mandrakesoft appears to be reduced to begging its users for money in order to avoid further staff cuts. Hence the following response to their latest begging email.
[Response, which basically says 'I sympathize, lots of luck' omitted.]
I do wish them well.
The following is excerpted from a letter, and is part of an article:
This from the Register UK daily blab. Best jer
Win-XP kills Verizon DSL
By Thomas C Greene in Washington
He kept me on hold a great deal of the time while he repeatedly consulted one of the network technicians, whose input in turn led to progressively better questions, and eventually, to the prize -- the conclusion that something was off somewhere upstream of my modem.
After forty minutes or so the third level-one techie passed me off to the network technician. Finally, I was speaking with someone who knew more than I did. It was 4:15 pm.
The problem, he explained, was that the Verizon router had locked me out permanently, so I'd have to be associated with a different one. He switched me over, and that was that.
The cause of this problem, however, originates in Windows-XP. As anyone who uses PPPoE (Point-to-Point Protocol over Ethernet) with ADSL will tell you, the MTU (Maximum Transmission Unit) has to be set to 1492 or less. On Win-XP, it's set by default to 1500, which causes your machine to irritate a naturally anti-social router, which may then shut you out.
Microsoft is clearly aware of the problem, as this bulletin shows; but XP nevertheless persists in setting up PPPoE with an MTU of 1500. The bulletin offers a registry hack for PPPoE users; but there is no patch, and there is no longer a GUI network-setting dialog which enables the user to change MTU conveniently.
Win-9x requires the use of third-party PPPoE software, and this (should) automatically set MaxMTU correctly. The problem is peculiar to XP, which insists on setting up PPPoE on its own, and gets it wrong. Linux is also not affected, as the Roaring Penguin RP-PPPoE package handles MTU properly as well.
There's more on this; it's a problem to be aware of. I will have more on this another time.
I should be working on my taxes but this seems very important - you may have already covered it in one of your security posts but if so I missed it.
By "Microsoft's Insecurity" I don't mean that Bill Gates is afraid of the dark or questions his manhood (he may - how would I know?) but rather that the version of Internet Connection Firewall (ICF) included with Windows XP has a serious flaw which renders it worse than useless, at least using Earthlink through a dial-up connection. I've had the exact same results on two different computers, one a desktop and the other a laptop.
What happens is this: either during the initial setup of Earthlink as a network connection via the Network Connection Wizard or later as an explicit modification the user attempts to activate XP's Internet Connection Firewall. All seems to go well. If the user is on-line with the target connection active at the time he/she will be advised that not all features can be implemented until sign-off and a fresh log-on. Reviewing the status of that active connection will show that the check box for Enable Internet Connection Firewall IS checked, and the user would naturally think the protection is in place. Running the tests on Steve Gibson's site right then, with the active connection unbroken since enabling the firewall, will show that the machine is indeed in full "stealth" mode, and naturally most people would now assume the issue has been successfully addressed.
WRONG! A fresh log-on (via Earthlink using their dialer at least - I have no way to test other ISP connections and/or associated software) DISABLES the firewall, and the machine is completely open to probes and hacks!
I've spent hours testing this scenario, and the result is always the same: while I can enable the Internet Connection Firewall and have it work ONCE, as soon as I log off the network and back on again the protection disappears, and the "enable Internet Connection Firewall" box reverts to being unchecked.
Frankly I don't know what's happening here, but it is happening on two separate machines that have never been on a network together. It's possible that I have been hacked myself and some malicious code is deactivating my ICF every new log on. It's possible that Earthlink somehow is disabling the ICF. And, worst case, it's possible that this is a flaw in XP and lots and lots of people out there THINK they are protected, have even tested their connection under the circumstances above and proven to themselves that they ARE protected, never realizing that once they log off that active connection session their protection vanishes.
My own response has been to buy a stand-alone software firewall - in my case the new version 3 of Zone Alarm (which also blocks those terribly annoying pop-up ads - a wonderful bonus!). Whatever is stripping the protection from XP's ICF has no effect on Zone Alarm, and my machines now test fully "stealthy" on Gibson's "Shields Up" site at all times. Many thanks to Steve and his site, by the way - without it I might have stayed naked and exposed. As it is I have no idea if hackers have made it into my main system in the past few months while I thought it was being well protected by XP's ICF; the laptop involved is brand new (more on that later) and was protected by Zone Alarm within hours of being put into service, so I'm not so worried.
I hope you can forward this to relevant parties at Microsoft and/or Earthlink and/or elsewhere for further testing. The only thing worse than having no firewall at all is having one you think is working when in fact it isn't!
All the best--
It is clearly something I can't test myself. I have told Microsoft.
On The Subject That Will Not Die, something to be aware of:
I have had nothing but via chipsets, and overall they are fine. I am reasonably competent, so I build my computers on a very limited budget. I still compute with a k6-2 450, but I have built other, more powerful systems for friends. I know I need to upgrade, but I just do not have the money. However, I was able to afford a low end Nvidia Geforce 2 Mx 400 64 meg video card. I had numerous issues with it and finally discovered after many hours of searching that it was the via chipset, and there was a third party patch for it. Once patched, my problems went away! The issue had to do with the Via chipset not queuing data requests properly on the PCI bus.
I like to think that since I have been fiddling and tweaking computers since the days of CP/M, I have more than the average amount of knowledge about computers. I was lucky. I do know a little bit and I was very persistent. I am certain that others with less knowledge or persistence might have just taken the card back. I know I almost went back to my voodoo 2000 PCI.
There are other such stories. You can certainly get those things working. You may have some work to do.
We have my accountant to thank for this:
An unemployed man went to apply for a job with Microsoft as a janitor. The manager there arranges for him to take an aptitude test. After the test, the manager said, "You will be employed as a janitor at minimum wage, $5.15 an hour. Let me have your e-mail address, so that I can send you a form to complete and tell you where to report for work on your first day."
Taken aback, the man protests that he has neither a computer nor an e-mail address. To this the MS manager replies, "Well, then, that means that you virtually don't exist and can therefore hardly expect to be employed by Microsoft." Stunned, the man leaves. Not knowing where to turn and having only $10.00 in his wallet, he buys a 25 lb flat of tomatoes at the supermarket. In less than two hours, he sells all the tomatoes individually at 100% profit. Repeating the process several times more that day, he ends up with almost $100.00 before going to sleep that night. Thus it dawns on him that he could quite easily make a living selling tomatoes.
Getting up early every day and going to bed late, he multiplies his profits quickly. After a short time he acquires a cart to transport several dozen boxes of tomatoes, only to have to trade it in again so that he can buy a pickup truck to support his expanding business. By the end of the second year, he is the owner of a fleet of pickup trucks and manages a staff of a hundred former unemployed people, all selling tomatoes.
Planning for the future of his wife and children, he decides to buy some life insurance. Consulting with an insurance adviser, he picks an insurance plan to fit his new circumstances. At the end of the telephone conversation, the adviser asks him for his e-mail address in order to send the final documents electronically.
When the man replies that he has no e-mail, the adviser is stunned. "What, you don't have e-mail? How on earth have you managed to amass such wealth without the Internet, e-mail and e-commerce? Just imagine where you would be now, if you had been connected to the Internet from the very start!"
"Well," replied the tomato millionaire, "I would be a janitor at Microsoft!"
By definition, a fable must have a moral. This one has four:
1. The Internet, e-mail and e-commerce do not need to rule your life.
2. If you don't have e-mail, but work hard, you can still become a millionaire.
3. Since you got this story via e-mail, you're probably closer to becoming a janitor than you are to becoming a millionaire.
4. If you do have a computer and e-mail, you have already been taken to the cleaners by Microsoft
Have A Great Day
For the humor impaired, note that the above IS A FABLE, and see below.
And on unemployment:
Dear Dr. Pournelle;
Concerning your comments about sudden unemployment in your View of Tuesday, March 12. It sometimes doesn't matter your level of education or social standing: you can be a 45-year-old textile worker or a 45-year-old IT professional and still get caught in the gears of government. And, in some cases, the Republic can cause more grief than it offers in assistance. The case in point is a friend who has been in the IT industry for 17 years. Due to a messy divorce and altruistic feelings for his ex, he was saddled with a massive credit-card debt and a large, monthly child support debt. As long as he was working, he managed to balance his bills.
During the run-up to the recession, he was laid off. One of the scary events that followed was that he wasn't making enough on unemployment to pay his child support and live. The court instigated a seizure of his unemployment benefits: they took half of the benefits and he would fall into arrears for the balance until he could get the settlement changed. That's when the credit card collection agencies began calling.
The final humiliation came when, out of desperation to find *any* work, he applied for an SAP implementation data entry job. He'd helped two national firms implement SAP, but found out his clerical skills weren't good enough to get him a job keying in figures on spreadsheets.
Granted, much of his trouble comes from decisions on his part, but instead of benign neglect on the part of society, it seems like it's actually trying to drive him into bankruptcy. It is a cautionary tale: many people are just one paycheck away from disaster.
Precisely. Aristotle said that the best republic is one ruled by the middle class, and the middle class is those who possess the goods of fortune in moderation.
Under that definition there are not many middle class in this country, because they do not OWN the means of making a living, and have no rights in their jobs, nor are their skills readily marketable (Socrates had a profession as a tradesman as well as a teacher). One does not have to be a Marxist to understand that this can be a problem in preserving a republic.
Indeed the ancients would have said the US is far too large to be a republic and will inevitably be an empire. Our attempts to make the important stuff locally decided kept us out of the logic of empire, but we inevitably centralize now.
March 14, 2002
Begin with Paul Walker:
If you have a sufficiently twisted sense of humour, you can always find something to laugh at with government bureaucracies.
Aren't you glad that airport security has been handed over to government agencies now?
Oh we are all so much safer now...
The janitor/tomato-vendor/Microsoft piece from Ed Hume in the March 13th letters is a variation of a Somerset Maugham story, see the page at http://www.anu.edu.au/mail-archives/link/link0112/0104.html dated 7/12/2001.
Casting an “MS manager” as the person hiring someone for a janitor position makes for a cute story. In reality, Microsoft contracts with outside vendors for custodial work. I have no idea if having an e-mail address is a requirement for employees of those contract companies. However, if it is, any “MS manager” would be glad to help that person get a Hot Mail account (and Passport) and anyone, even visitors, could use one of the kiosk machines available in most MS building lobbies to access their Hot Mail account. The “MS managers” I know wouldn’t stick people who don’t have e-mail addresses with a “virtually don't exist” label. Instead we think of them as “potential customers.”
I forget that people don't read so much now as they did when I was younger. And I know that Microsoft contracts out nearly everything including the lunch room, concentrating on the core skills of the company. Thanks.
And another reader says
A couple of items:-
- the Microsoft janitor story is a variant of a Somerset Maugham short story called "the Verger", and according to http://www.snopes2.com/business/genius/bookkeep.htm it didn't even start there;
- the Ambrose Bierce material I mentioned on an earlier occasion is at http://www.radio4all.org/anarchy/quote2.html and was from Warlike America and not the Devil's Dictionary after all (sorry for the wrong attribution, but at least I checked).
The illiteracy variant of the janitor story seems very relevant to some of your own interests.
It is that kind of smug superiority that makes me wonder about Snopes. Who in the world thought that was anything but a fable? Fables by definition are not true stories, but constructed to have a moral. Anyone with enough intelligence to be here would know that email hasn't existed long enough to have given someone a chance to become fabulously wealthy after having been fired for not having it.
And today, I think, being illiterate is likely to be a great deal more crippling than when Maugham wrote that story. And the moral is still, "It's what you do with what you got..."
It was a cute story. It didn't need the analysis Snopes gives it although I suppose there is some value to tracing origins in literature, but ye gods, someone ought to get a life!
There is a long USAF policy letter posted in Reports.
On the National Guard:
Dear Dr. Pournelle,
As a former NCO in the California Army National Guard and DC Army National Guard (I also spent a year at the National Guard Bureau), I can say that my experience supports Col Hackworth's allegations almost completely.
I do disagree that the NG troops in the airport are anything more than a placebo at best, but more likely a tragic incident waiting to happen. The NG soldier who shot himself was a prime example of the lack of training that these troops suffer. You can't learn judgement and weapons skills in a couple of classes.
There were and are many good men and women, soldiers, NCOs, and officers in the NG. It really isn't realistic for someone to be an effective NCO or officer (even a junior one) without active duty experience. Mastering the skills of warfare requires not only training, but repetition. One weekend a month just doesn't cut it, even if the weekend is jam-packed with quality training (which it isn't).
The quality of training was almost uniformly poor. I was often verbally reprimanded by senior NCOs for "taking it too seriously". Marksmanship scores were adjusted to fit desired outcomes, as were PT scores and every other measurement tool. I could go on and on, but you get the idea.
Politics? Good ol' boy networks? Oh, yeah. In spades. It always astounded me to see field grade combat-arms officers who couldn't tell a foxhole from a latrine pit. I am eternally grateful that we were never called into combat. If we were, it'd be the decent folks who were doing their level best who'd be killed, while the fools (and worse!) who "led" and "trained" them would live. Seems to be the way of it, no?
I got out as soon as I could.
But what can be done about it? If we give the federal government complete control over it (it already holds the purse-strings), that's no guarantee that it will get better, and it will also further tilt the balance of power away from the several states toward the federal government. Not that there's much balance left...
Maybe the best thing would be for the federal government to get out, and leave the states with a smaller, lighter State Militia cadre.
But certainly we no longer face the Cold War threat of Communist hordes spreading across Europe for which we needed to keep our own hordes. Modern warfare seems to be conducted with smaller, more highly-trained forces. With NG training so poor, and the time to become combat-ready so long, is there really any advantage to having them at all vs. raw recruits?
But then, as Col Hackworth points out, there's that $13 Billion in goodies for Congress to lavish out...
-- "Far and away the best prize that life has to offer is the chance to work hard at work worth doing." -- Theodore Roosevelt
In your current Byte column you give the good advice that anyone with a broadband connection should have a firewall, and that the easiest way to do this is get a good router with firewall software. Not to take anything away from the Linksys and D-Link boxes you mentioned, but let me put in a plug for SMC's Barricade line.
A friend and I each have SMC Barricade 7004AWBR broadband routers on our DSL connections and are very pleased with them. The SMC is a slick little box that's also a print server, an 802.11b wireless access point, a 3-port 10/100 switch, and has a COM port so you can connect an analog modem for dialup. It's normally $229 at Microcenter but I hit a sale there and got it for $169. :-)
It's rather easy to configure through your web browser, and there's even good online help. SMC was very security-conscious when they designed the box. E.g., you can limit administrative access to the LAN side, and also set it to discard ICMP requests, so it's not pingable from the Internet. This effectively stealths the box by making you invisible to ping sweeps. I had someone run nmap against my IP and it didn't show up unless he used the "-P0" switch, which tells nmap to not try to ping the target before doing a port scan. Aside from that, it will log hack attempts. The only time I've been knocked offline was when someone did a TCP SYN-flood attack on my IP (before I stealthed it), and the attack log revealed what happened.
For those who need it, the Barricade will do port-forwarding, and if you need to, you can create a "virtual DMZ" whereby you fully expose a host on your LAN to the Internet. (This of course opens a BIG hole in your firewall, so isn't recommended unless absolutely necessary.)
SMC also makes a Barricade without the wireless capability; I've seen it for under a hundred bucks.
While hardware firewalls are the way to go for most folks, you can do some really cool stuff with software-based firewalls. For example, did you know it's possible to set up a bridging firewall that sits between your LAN and the Internet and does packet filtering, yet has no IP? It can be done with Linux or OpenBSD (and probably FreeBSD or NetBSD, too). This makes the firewall completely invisible and essentially unhackable without console access. I plan to try this out one of these days. I'll put it in my Log O'Stuff when I do.
--- Dave Markowitz AIM: frodo527 email@example.com Yahoo: dave_markowitz http://www.building-tux.com RKBA = FREEDOM!!!
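The log-reading side of this letter, as an added example that is not from the letter or from SMC: a Python sketch that scans firewall log lines for the three things the writer mentions, namely ping sweeps, port scans sent without a preceding ping (what nmap's -P0 produces), and a TCP SYN flood. The log format, addresses, thresholds and function names are constructed for illustration; the Barricade's real log format is not shown on this page.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format (an assumption, not the router's own):
#   2002-03-14 21:03:07 DROP ICMP 198.51.100.7 -> 203.0.113.10 type=8
#   2002-03-14 21:05:01 DROP TCP 198.51.100.9:40001 -> 203.0.113.10:22 flags=SYN
LINE = re.compile(
    r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<action>\w+) (?P<proto>ICMP|TCP) "
    r"(?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::(?P<dport>\d+))?"
    r"(?: type=(?P<itype>\d+))?(?: flags=(?P<flags>[A-Z,]+))?$"
)


def parse(lines):
    """Turn log lines into event dicts; lines in any other format are skipped."""
    events = []
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%d %H:%M:%S")
            events.append(e)
    return events


def _burst(times, window, threshold):
    """True if any span of length `window` holds at least `threshold` timestamps."""
    times = sorted(times)
    start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        if end - start + 1 >= threshold:
            return True
    return False


def classify(events, window=timedelta(seconds=10), flood_syns=20, scan_ports=5):
    """Group dropped packets into the patterns the letter describes."""
    pinged = set()                   # sources that sent an ICMP echo request
    syn_times = defaultdict(list)    # (dst, dport) -> SYN timestamps
    ports_by_src = defaultdict(set)  # src -> distinct destination ports probed
    for e in events:
        if e["proto"] == "ICMP" and e["itype"] == "8":
            pinged.add(e["src"])
        elif e["proto"] == "TCP" and e["flags"] == "SYN":
            syn_times[(e["dst"], e["dport"])].append(e["ts"])
            ports_by_src[e["src"]].add(e["dport"])
    return {
        # Echo requests only: the sweep that discarding ICMP hides you from.
        "ping_sweep_sources": sorted(pinged),
        # Many ports probed with no echo request anywhere in the log: the
        # scan-without-ping pattern, which ICMP filtering does not stop.
        "no_ping_scanners": sorted(
            s for s, ports in ports_by_src.items()
            if len(ports) >= scan_ports and s not in pinged
        ),
        # A burst of SYNs at a single address and port.
        "syn_flood_targets": sorted(
            k for k, times in syn_times.items() if _burst(times, window, flood_syns)
        ),
    }


def sample_log():
    """Constructed sample data using documentation-range addresses."""
    lines = ["2002-03-14 21:03:07 DROP ICMP 198.51.100.7 -> 203.0.113.10 type=8"]
    for i, port in enumerate([21, 22, 23, 25, 80, 110]):
        lines.append(
            f"2002-03-14 21:05:{i:02d} DROP TCP 198.51.100.9:{40000 + i}"
            f" -> 203.0.113.10:{port} flags=SYN"
        )
    for i in range(25):  # 25 SYNs in 5 seconds, each from a different source
        lines.append(
            f"2002-03-14 21:10:{i // 5:02d} DROP TCP 192.0.2.{i + 1}:{50000 + i}"
            f" -> 203.0.113.10:80 flags=SYN"
        )
    return lines


if __name__ == "__main__":
    for name, value in classify(parse(sample_log())).items():
        print(name, value)
```

The thresholds are starting points to tune against normal traffic on the link being watched.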
Hi - always enjoy your columns.
Thought you might be interested in the following re firewall routers. I have DSL connections both at home and at my office. At the office I have a Linksys 4 port router with firewall running interference as well as Norton and ZoneAlarm on each individual computer on the small network (4 machines-but only 3 allowed on DSL). No problems after an easy initial set up over a year ago. Every once in a while we have to reset it and the DSL modem for no apparent reason but since it is a big building my guess is that power glitches are the cause. And the reset is pretty easy - I've even got 2 other people who will do it rather than wait for me.
At home I put in a D-link 4 port router with firewall for a (2) computer system. Super easy set-up also and absolutely no glitches at all. Had it up and running for 6 months - also have Norton and ZoneAlarm on each PC.
I would certainly recommend either product for anyone with a DSL connection. As well as the extra local coverage on each PC. My PC's are running various flavors of Win98, 98se and Win2000. Everything is very stable and I am not inclined to rock the boat. I have added more memory and some newer faster CDRW's etc but I think I will keep everything else as is unless forced to do differently. I like stability in my environment. I keep my messing around stuff separate.
Ides of March, 2002
I have got this from many sources over the past few weeks. It is probably time to post it for the record, because it raises a serious question:
Thought you might be interested in this one apropos of some of your earlier comments on the inanities of our recent airport security measures.
To ensure we Americans never offend anyone - particularly fanatics intent on killing us - airport screeners will not be allowed to profile people. They will continue random searches of 80-year-old women, little kids, airline pilots with proper identification, Secret Service agents who are members of the President's security detail, and 85-year old Congressmen with metal hips.
Pause a moment and take the following test.
In 1979, the U.S. embassy in Iran was taken over by:
(a) Norwegians from Ballard;
(c) A tour bus full of 80-year-old women; or
(d) Muslim male extremists mostly between the ages of 17 and 40.
In 1983, the U.S. Marine barracks in Beirut were blown up by:
(a) A pizza delivery boy;
(b) Crazed feminists complaining that being able to throw a grenade beyond its own burst radius was an unfair and sexist requirement in basic training;
(c) Geraldo Rivera making up for a slow news day; or
(d) Muslim male extremists mostly between the ages of 17 and 40.
In 1988, Pan Am Flight 103 was bombed by:
(a) Luca Brazzi, for not being given a part in "Godfather 2;"
(b) The Tooth Fairy;
(c) Butch and Sundance who had a few sticks of dynamite left over from the train mission, or,
(d) Muslim male extremists mostly between the ages of 17 and 40.
In 1998, the U.S. embassies in Kenya and Tanzania were bombed by:
(a) Mr. Rogers;
(b) Hillary, to distract attention from Wild Bill's women problems;
(c) The World Wrestling Federation to promote its next villain: "Mustapha the Merciless;" or
(d) Muslim male extremists mostly between the ages of 17 and 40.
On 9/11/01, four airliners were hijacked and destroyed by:
(a) Bugs Bunny, Wiley E. Coyote, Daffy Duck, and Elmer Fudd.
(b) The Supreme Court of Florida trying to outdo their attempted hijacking of the 2000 Presidential election;
(c) Mr. Bean,
(d) Muslim male extremists mostly between the ages of 17 and 40.
Nope, ain't no patterns here.
The question is, are there things we were not meant to know? Or that, knowing them, we must act as if we don't know them? Is it really reasonable to nearly shut down air commerce so that we can treat 3 year old children of US middle class citizens, 80 year old grandmothers, 83 year old Medal of Honor winners, and frequent flyer businessmen the same as Muslim males between the ages of 17 and 40?
What price equality, and what price security? And have we in fact increased security at all?
The goal is not to prevent people being killed by suicide bombers. It is to make it difficult for the bomber: who today can manage to get the same people plus some security guards by blowing himself up at the airport lounge gate. It is to prevent the use of aircraft as kamikaze cruise missiles against other targets. That is best done by making certain that the airport cockpit is secured, so that at best a successful attack on an airplane does no more than bring down the airplane with possible but random collateral damage on the ground. This is a lot easier to do than the "security" measures we have instituted, and doesn't require confiscation of nail files, scissors, Medals of Honor, or for that matter swords and Bowie knives and box cutters: if you can't get to the pilots you can't take over the airplane. You may or may not be able to murder passengers and cabin crew but you may also find yourself pounded to jelly as the passengers sit on your head and cheer while you are being jumped on.
The world is not safe, but you are safer on an airplane under the old security arrangements than you are driving to the airport. On the other hand, you can now be faced with 20 years in prison for going to the bathroom 23 minutes before the plane lands: I understand that one of the charges in that case is that the passenger glared at the flight crew member.
What we are doing is stupid, probably compounded by the unfortunate fact that the inept Secretary of Transportation is the only Democrat in the cabinet and thus almost untouchable; and he hasn't a clue, other than to be politically correct in all instances.
So it goes.
On a different matter:
I noted that Microsoft article Q314100 was not available so I found another, more general article that points out, amongst other things, how to hack the registry to change the MTU size. The article is Q120642. There is a link within the article to the WINXP solution article.
----- Original Message -----
From: Bill Roellich
To: firstname.lastname@example.org
Sent: Wednesday, March 13, 2002 14:27
Subject: PPPOE MTU problem discussed on email of 03/13/02
Microsoft article Q314100 explains how to change the MTU size.
And on the issue that will not die:
From: Todd [mailto:email@example.com]
Sent: Monday, March 11, 2002 8:03 PM
To: firstname.lastname@example.org Cc: Todd
You got so much fax on your amd story so wrong?I cant begin to show where your wrong! Do yourself a favor give back the money intel paid you and learn how to download drivers.Long live Mr. Sanders!!!!!AMD will be the numberone chip maker by 2004.Because of quality chip and lower prices.not like insmell i mean intel.
On a more interesting subject:
An interesting factoid bubbled to the surface a few days ago on a discussion group I participate in: There is no US field artillery in Afghanistan. There are plenty of mortars, all the way up to 120mm. But there are no howitzers or rockets in-country. Why would we leave out what heretofore has been such an important component of US land power?
After kicking it around a while, a number of things occurred to me. In a war without fronts, such as in Afghanistan, artillery is a drag on front line combat power. Infantry has to be dedicated to its security. Also, tactical transportation has to be detailed to its movement and logistics. Additionally--as I'm sure you know from personal experience--howitzers have severe field of fire problems caused by the realities of low-angle ballistics. This could cause operations to be hampered by the need to move artillery around a lot and/or cause operations to be planned on the basis of where artillery is going to be able to fire effectively on a given day. It could even lead to otherwise unnecessary supplementary operations, for the sole purpose of capturing artillery firing positions vital to the main effort.
Now, let's balance this with mortars and air power. Mortars, while not as long ranged as howitzers, are high-angle weapons, capable of getting at targets that mountains and hills mask off from artillery. They also have lower (effectively zero) security requirements, because they are organic to the infantry battalion. Their crews provide their own security. Air support, while still possessing some coordination and persistence problems, has come quite a long way in the past few years. Few would argue that a well placed 2,000 lb bomb isn't at least as effective as a volley from an artillery battery. Today, thanks to the combination of JDAM and laser guided bombs with the B-52, air support is well placed and is usually on call. Also, because of the maneuverability of aircraft, the terrain masking problem is not a serious issue (at least in an environment of air supremacy).
There is also an allied logistics dimension. Artillery on the ground requires about a score of soldiers, several vehicles, and a plethora of associated gear per gun. It can also require tons (literally) of ammunition per gun, per day of active combat operations. In an environment such as Afghanistan, where you are pretty much limited to delivering supplies by aircraft to begin with, you might as well just have the planes take ordnance right to the target, vice dropping it off at an intermediate location. Think of it as an interesting application of Just In Time logistics...
My point is this: on the modern battlefield, especially when the force to space ratio is low, as it is in Afghanistan, the accuracy revolution has tipped the balance of supporting arms effectiveness heavily in favor of aircraft delivered munitions. I'm not sure what all the implications are, but they are probably numerous and far reaching.
Just in time logistics: I rather like that. When we did the Thoth Missile proposal at Boeing in 1960 I didn't have that phrase in the proposal, but we did have the concept: if the ordnance has to be delivered by air, let it be delivered by air...
And from Frank Gasparik:
Here are 2 links dealing with controlling computers by mind alone. The second is more comprehensive.
Shades of Gil The Arm!
The "OBVIOUS" hides many things that people don't look at. Frank G.
We also have:
Synopsis: Dr. Steve Mann has been doing "cyborg" research, on himself, for a number of years. He has several implants. Canadian airport security did SERIOUS damage to some of them, and he apparently is suffering significant adverse medical effects as a result of the damage.
Thank God none of the systems they damaged were critical life-support equipment.
I doubt any of my readers need to know this, but:
I know you have mentioned it in the past, but the Nigerian money scams are growing in popularity and effectiveness.
Here is a US government site with more details about the scam http://www.ustreas.gov/usss/alert419.htm
(There appears to be a "problem" when trying to access the site from outside of the US, it is like the server is not allowing it or something - go figure. If the site cannot be accessed, you might try accessing it from a different ISP, or through an anonymizer service.)
While finishing a re-read of Daniel J. Boorstin's "The Discoverers", I was struck by his quotation of John Maynard Keynes (on 'neoclassical' economists' objections to his ideas on government intervention): "Our economic structure is far from elastic, and much time may elapse and indirect loss result from the strains set up and the breakages incurred. Meanwhile, resources may lie idle and labour be out of employment... We are brought to my heresy -- if it is a heresy. I bring in the State; I abandon *laissez faire*, -- not enthusiastically, not from contempt of that good old doctrine, but because, whether we like it or not, the conditions for its success have disappeared. It was a double doctrine, -- it entrusted the public weal to private enterprise *unchecked* and *unaided*. Private enterprise is no longer unchecked, -- it is checked and threatened in many different ways. There is no going back on this. The forces which press us may be blind, but they exist and are strong. And if private enterprise is not unchecked, we cannot leave it unaided."
Jerry Pournelle is a KEYNESIAN!! <gasp> (I feel as if I'm writing for the National Enquirer <g>)
All seriousness aside, I was struck by the synchronicity of that quotation, and your recent remarks on tariffs.
The problem with state intervention is that it always tends to expand. Few would doubt that arsenals can be effective. Redstone Arsenal under von Braun was at least as innovative and effective as any private company in those days. Today Huntspatch and Marshall are the problem rather than the solution.
State institutions can be put together quickly and can be very effective: but when the problem they were created to solve has been dealt with, they tend to remain, and try to justify their existence by taking over tasks they were never meant to work on. Eventually the only way out is to abolish them, raze them to the ground and sow salt on their sites -- and they will still rise like vampires to plague us.
We need government institutions and arsenals; but we also need ways to make them go away when their job is done. Of course those in that structure won't want to go away. One possibility would be simply to pension them off. It might be expensive, but if everyone at JSC and Marshall had been pensioned prior to the development of the Space Shuttle and the new Space Transportation System had been designed from the ground up by people who had never worked in the space program before, we would probably be much further ahead now. That Standing Army of development scientists which was assembled to make Apollo happen -- and who did a splendid job and deserve commendation -- should, like armies that have won wars, have been disbanded when the goal was reached. Instead they were allowed to design a follow-on system that, surprisingly, required each and every one of them plus more to operate.
Keeping that standing army fed has been one of the biggest costs of the space program, and devoured the dream. For what we spent since Apollo we ought to be halfway to Alpha Centauri rather than wondering if we can get back to the Moon. We should have a large permanent Moon Base as well as a von Braun wheel space station. Instead --
Shuttle has about 25,000 required employees to operate a small number of craft. High tech aircraft programs like the Blackbirds needed about 50 people per airplane. Airlines typically employ about 100 people, and half of those sell tickets...
And I find this story hard to believe. It is so bizarre as to make you wonder if it isn't some kind of propaganda. If it is true I am sure we will see it in the US papers. Won't we?
Dear Dr. Pournelle,
Our "allies" in action:
I would hope the parents hunt down these "mutaween" and dispense whatever form of rough justice they deem appropriate.
-- "Far and away the best prize that life has to offer is the chance to work hard at work worth doing." -- Theodore Roosevelt
Let us hope it is false. If not, what in the world are we doing supporting people like this?
From Joel Rosenberg:
If that particular story isn't true, there's scads of other ones that are.
But it's likely to be true; the coverup is already under way: http://www.arabnews.com/Article.asp?ID=13460 . The Commission for Promoting Virtue and Preventing Vice thugs, the pravda is, weren't really members of the Commission for Promoting Virtue and Preventing Vice. Besides -- see http://www.arabnews.com/Article.asp?ID=13513 -- Prince Naif has promised to severely fine -- yes, fine -- the murderers, and "bring the culprits to account."
I think it's pretty clear that the human rights situation in Saudi Arabia would be worse under the more extreme Wahabbi mullahs than it is under the present Wahabbi rulers, but I don't think that's why the US has propped up the family of Saud for longer than I've been alive. With the exception of the temper tantrum in 1973, they've been a reliable supplier of oil -- at, understandably, every penny they can get for it -- and have been a counterbalance to neighboring regimes that aren't dependent on US support for their very existence.
That said . . . if we're going to deal with the problem of Islamist terrorism, we're going to have to, sooner or later, deal with the root of it, which is the Wahabbi regime of Saudi Arabia, which -- because it's awash in oil money -- has been the prime exporter/supporter of the particularly vile and virulent strain of Wahabbiism.
Can Saudi Arabia be made more moderate? Well, legions of ex-US Ambassadors to Arab states now employed as flacks for the Saudis will be happy to tell you that it's just a matter of time, and never mind the lack of actual progress; that they'll also tell you that the Saudis spiriting the Bin Laden relatives out of the country so that they couldn't be interviewed by the FBI was a favor they were doing the US, and that their lukewarm attempts to clamp down on some small part of the cash flow to the Wahabbi terrorist organizations was a brave and huge service . . .
Me, I say it's broccoli, and to hell with it.
--
There's a widow in sleepy Chester
Who weeps for her only son;
There's a grave on the Pabeng River,
A grave that the Burmans shun,
And there's Subadar Prag Tewarri
Who tells how the work was done.
Indeed. What is an imperial army for if not to seize assets for the Imperium and convey the money to the treasury, or to the friends of the Emperor?
Me. I would rather pump some money into energy independence for the United States. It wouldn't be cheap, but it might give us more choices.
March 16, 2002
And now for the silliest conspiracy theory of the year:
As you probably have heard, a French investigator has claimed since a few days after 9/11 that no 757 could have hit the Pentagon. This story has been reused by a French leftist group (Reseau Voltaire) who published a book about it on Monday.
I've followed the story and must tell that it's nearly impossible the official version is true: either the photos given by FBI and other official US agencies have been manipulated, or flight 77 didn't hit the Pentagon. No need to be a talented conspirationist to notice the contradictions.
At this hour, the most credible hypothesis is :
- Either a small plane crashed or a truck exploded in the Pentagon
- The flight 77 has been shot by US Army because of a fear it would crash somewhere
- For specific reasons, US Gov has chosen not to say publicly they had shot the plane and instead mixed the two stories.
Of course it's no more than a mere hypothesis. But maybe the photos you'll find at http://www.thepowerhour.com/postings/report.htm#Part will give you more information.
So what did happen to Flight 77? Is it still flying around?
March 17, 2002
St. Patrick's Day
I took the day off.