Posts

Showing posts from 2005

Spam, Spam, Spam, Spam... Not

Disposable e-mail addresses: Use once, get another. Spammer's mail goes nowhere. Everybody's happy. Spammers delenda est!

[Software] No More OWIEs !

Gettin' tired of the OWIE (Office-Windows-InternetExploder) Critical Security Breach of the week club?

Well, some public-spirited folks have made it easy to migrate away from who-knows-what-ware from M$ and onto software which is actually documented, down to the source code, so professionals can figure out if it's safe. Folks like SourceForge (a project of OSDN out in Beaverton) figure they'll make a buck if they give you their software, profiting from customizing it and supporting it.

That also includes OpenOffice, a competent suite of free programs which reads and writes Word, Excel and PowerPoint files, and does much, much more.

And, here's a head start on learning OpenOffice: Free downloadable training videos. Free is a very good price.

[eMail] Secure gMail

When you post from a computer not your own, the data you send to your e-mail service can be monitored and recorded. Here's details on how (simply!) to encrypt all that you send up and pull down when you use Google's free e-mail service, Google Mail (AKA gMail).

[WiFi] Linksys Lemons: New WRT54G not as good as previous (updated)

Apparently Linksys has changed the underlying operating system of its very popular WRT54G wireless router. Versions 4 and previous used Linux, and quite the cottage industry sprang up improving on the original code (including, of all things, running the open source Asterisk PBX to give you a VOIP home telephone exchange).

Now, version 5 of the WRT54G is said no longer to run Linux. Aarrgh. Peter Rysavy found that the serial numbers for v4 begin with CDFA and the serial numbers of v5 begin with CDFB. Version 4 also has a faster CPU and more flash RAM than previous versions, so version 4 is the way to go.

Of course, other wireless routers use the same Broadcom chipset which allows use of the Sveasoft and other mod code, so Linksys may see sales of an otherwise marvelous product drop, at least as far as the digerati are concerned.

[Mobiles] Cell Phone Towers

Here's a working map of cellular tower sites for Oak Grove & vicinity.

This Cell Phone Tower Search website does all the heavy lifting to find the towers in the FCC database and plot them in Google.

[Security] Steve Gibson's WPA random key generator

Decent wireless security depends on WPA, for the older WEP security systems (whether 40-bit or 128-bit) are useless in preventing any curious and bright grade schooler on your block from hacking in and accessing everything you do over the network. Really. Not to mention any aficionado of informally acquired methamphetamine who happens to be driving by with a laptop and a wireless card.

If the FBI can do it in three minutes, how long do you think it would take a teenager?

WPA-PSK, the version of WPA which does not require special hardware, instead needs a very, very random number used as a 'key.' Fortunately, doyen utility publisher Steve Gibson now makes available a good random key generator to make that part easy.

On the Effectiveness of Aluminium Foil Helmets: An Empirical Study

Inquiring minds wanted to know, I guess. Gotta love this finding (from the abstract):
... certain frequencies are in fact greatly amplified. These amplified frequencies coincide with radio bands reserved for government use according to the Federal Communication Commission (FCC). Statistical evidence suggests the use of helmets may in fact enhance the government's invasive abilities. We speculate that the government may in fact have started the helmet craze for this reason.

However, I must take exception with their claim that

The 2.6 Ghz band coincides with mobile phone technology. Though not affiliated by government, these bands are at the hands of multinational corporations.

for mobile telephony in North America primarily uses 824MHz-894MHz and 1850-1990MHz frequencies. Think they need a better grade of tinfoil.

[Ham Radio] EggsHam

EggsHam is a freeware test drill program for US hams, now with the updated question set. Whether you are working on your first Technician license, or want to step up to the General or Extra tickets, this freeware program is extremely useful. It contains every question in the Question Pool, and throws them at you randomly, scoring after you complete the test and showing you the errors.


[Games] RISK

Play RISK(TM) on line using Google Maps. Kewl. Now, where's Freedonia?

[Safety] How 911 failed in Katrina

This Washington Post article details how badly 911 failed in Katrina.

[E-Mail] Time travel: Send yourself a message in the future

Futureme will, free of charge, send an e-mail to you, or someone else, at a specific date in the future.

[Mobile] DIY Cellphone

Tired of paying through the nose for absurdly spendy hardware plus signing away your firstborn with a multi-year 'contract' for cellular service? Then, look at this DIY Cellphone project up in Pugetopolis, and another one here.

[Data Security] Digital Pearl Harbor

I've been pondering how to explain the immensity of the evil which Sony Music has done to any Windows user who has bought a CD from any of their record labels (which include Arista, BMG, Columbia, Epic, J, RCA, RCA Victor, SunComm).

Then, Dr. Jerry Pournelle, an authentic Rocket Scientist and former Presidential Advisor whose work on computing I've trusted for a quarter century, sends me this.

No way I can top it.

Yes, he's serious, and 100% accurate.
---------- Forwarded message ----------
From: Jerry Pournelle
Date: Nov 4, 2005 8:57 PM
Subject: A Chaos Manor Root Kit Warning (1)
To: Jerry Pournelle

This is a Chaos Manor Warning. I would be shouting if I were not concerned that it would trigger your spam filters.

You may or may not be familiar with the Sony Music CD Root Kit problem.

Let me begin with the warning: do not buy or install any Sony Music CD on your PC. The records play just fine on other systems. There's no problem with Mac or Linux or with self contained m…

[Humor] Junior asks his dad, "Daddy, how was I born?"

Junior asks his dad, "Daddy, how was I born?"

His dad, who is a software engineer sighs and replies,

"Ah, my son, I guess one day you would have to find out anyway!"

"Well, you see your Mom and I first got together in a chat room on MSN. Then I set up a date via e-mail with your mom and we met at a cyber-cafe. We sneaked into a secluded room, where your mother agreed to a download from my hard drive. As soon as I was ready to upload, we discovered that neither one of us had used a firewall, but it was too late to hit the delete button."

"Six weeks later your mom sent me an instant message saying that her operating system was showing signs of unauthorized program activity from a self extracting file which had implanted itself in her BIOS.

Then nine months later a little Pop-Up appeared and said: 'You've Got Male'!"


(Found, somewhere, I ain't tellin')




________________________

[Health] This... Is A Test

The Siemens Audiology Group here offers a hearing test. Flash must be installed on your computer, and you must use headphones, earphones or earbuds, but not speakers.

[Broadcasting] More radio than you know what to do with

This map lets you see which Oregon and Washington stations have adopted HD Radio.

HD Radio adds extra signals within or near the edge of the analog radio signals we've been using forever, for improved sound quality. Not only are the digital signals stronger in town, but they're also longer lasting.

Which Way's Albuquerque?

Quick website calculation of distance and bearing using longitude & latitude (decimalized, or degrees-minutes-seconds). Handy stuff, as is this map site, which shows topographic maps (here showing No Name City, from Kellogg Lake at the top, down to Oatfield Hill at the bottom of the frame) at eleven different levels, from 1:3,333 to 1:1,000,000. Enter the location on this page to get a small map, then resize it to any of three different on screen dimensions, and then scale up and down as needed. Click on any element on the map to recenter it where you clicked.

Federal Ministry of Approved Software

Is your software approved by Big Brother...err, the FBI?

To Sleep, Perchance To Nod Off

Here's a researcher who's seriously studying fine-tuning the power nap as a substitute for eight hours of Zzzzzzzzzzzzzzzzzs.

If you have not sussed out power napping, this eeper will eep at you if you nod off while motoring.

But, if you live in Pugetopolis (Seattle/Puget Sound area), you're weary of I-5, the world's fastest parking lot (and, what about the pavement change at the King-Pierce county line, eh?) One approach is to measure your misery & see just how bad the traffic is on your Palm.

But, instead, you can take the bus, and leave the driving to Sound Transit, who now provide free WiFi on (some) city buses. WWRKT (What Would Ralph Kramden Think?)

Communicating with mobile phones in disaster areas despite system overload (updated)

Communicating with mobile phones in disaster areas despite system overload (updated 2006-07-20)

SMS, Short Message Service, or text messaging, will work over intermittent and often even overloaded connections, to get messages in and out of congested areas to/from mobile phones. It's worked transcontinentally to save lives, and help evacuate thousands from harm's way. Learn it.

eMail-to-phone

Don't have an SMS-ready cellphone yourself? You can e-mail from a computer to an SMS-capable phone. Here's E-mail to SMS addressing for major carriers:

AreaCode+MobileNumber@alltelmessage.com  Alltel
AreaCode+MobileNumber@message.alltel.com  Alltel (alternate)
AreaCode+MobileNumber@mmode.com  former AT&T users on Cingular
AreaCode+MobileNumber@mobile.celloneusa.com  Cellular One
1+AreaCode+MobileNumber@mobile.mycingular.com  Cingular
AreaCode+MobileNumber@page.nextel.com  Nextel
AreaCode+MobileNumber@omnipointpcs.com  OmnipointPCS
AreaCode+MobileNumber@qwestmp.com  Qwest
AreaCode+MobileNumber@mes…

Big Hotmail Security Risk, and solutions

If you ever access Hotmail from a machine shared with others, you are very vulnerable to this attack. The full message is at Totse.com, which I have not yet caught in any bloopers. Here's a summary:

MSN Hotmail users, guard your cookies. A simple technique for accessing Microsoft's free e-mail service without a password is in the wild and could be easily exploited. The trick involves capturing a copy of the victim's browser cookies file. Once the perpetrator gains two key Hotmail cookies, there's no way to lock him out because at Hotmail, cookies trump even passwords.

What's scary about this is that once they have your cookies, they have your account forever. Even if you change your password, they can still get in.

{snip}

But even with the expiration option enabled at its most secure setting, testing showed that a cookie could be exported to another computer and still used to authenticate a password-less Hotmail login 24 hours later.

There's little Microsoft can d…

[Mobiles] Amazon Adds PalmPhone Browsing

Amazon's just announced a new web site for Palmphones and other mobile websurfers. Price comparison in stores just became much, much easier.

[WiFi] USB b/g adapter *and* detector

TrendNet announced on 12 July a combo 802.11b/g USB adapter with a difference; it's also a WiFi detector, and shows hotspots on its own LCD. Its internal battery for detection purposes is recharged when you plug it back into a laptop or desktop. Kewl.

[InfoSecurity] Unpatched, Critical Flaw Found In Windows XP (updated)

Unpatched, Critical Flaw Found In Windows XP
Washington Post, 15 July 2005, Brian Krebs on Computer Security

Security researchers have uncovered a potentially serious security hole in Windows XP and Windows XP Professional that could allow skilled attackers to take over vulnerable computers, even PCs equipped with the latest Microsoft software patches and running the built-in Windows firewall.

{snip}
The problem resides in the Windows "Remote Desktop," which lets users configure remote access to their computer. By default, the Microsoft firewall built into the Windows XP Service Pack 2 update is configured to deny connections from the Internet for remote desktop. But remote desktop shares the same vulnerable Microsoft programming code as "Remote Assistance" -- a service designed to allow Microsoft and other technicians to troubleshoot problems on Windows machines from afar. And the bad part is that the remote assistance program is automatically allowed to bypass the …

[Mobiles] I.C.E. - In Case of Emergency

This just makes too damn much sense not to do it...

Use a consistent acronym 'ICE' (In Case of Emergency) to store contact data for the folks who should know when you're hurt, in your cellphone, computer and other digitized Address Book programs. It's such a simple idea, but could be really helpful in an emergency, as it saves EMS & ER staff time, and helps make sure a patient's loved ones are contacted ASAP.

My PalmPhone has an extensive Notes section, and I supplement the ICE data with emergency medical data in the NOTES section attached to the address (leading with my MD's contact information, followed by medications and conditions).

And, yes, I have this in my wallet, too; but, I'll wager that, given my wallet and my PalmPhone, any stranger will find it in the cellphone first, and the cellphone can carry a lot more useful info.

This is the kind of thing best spread by 'viral marketing'; you tell your family, they tell their friends, for …

[Infosecurity] Duude, you've got a Dell, so you're hacked

Blank Administrator Password on OEM Windows XP Installation

Summary: DELL OEM XP Professional has a default hidden administrator account, with no password set. Use of this account will allow anyone with physical access to the computer to fully control the computer, add spyware, keystroke loggers, password stealing software and read all files, including temp files, local files, documents, and any email that has been stored locally. Details at http://www.securiteam.com/windowsntfocus/5KP091PGBO.html



Thanks to Robert Bruce Thompson, author of PC HARDWARE IN A NUTSHELL.



[Web] Gmap Pedometer Site UPDATED

Google Maps keeps getting more and more useful, quickly surpassing in both utility and elegance the other mapping websites. The publication of their API lets anyone create specialty maps, described in these reports, and sites are sprouting up all over which share information on how to do this, or provide excellent examples (like this map of free Portland WiFi).

One not included therein is this Gmaps Pedometer site (or http://tinyurl.com/8a7g3 if you like Tiny URLs). Click on your starting point, on every waypoint along the way, and then your destination; the site will then calculate the distance travelled in your Morning Constitutional.

You can also download Google's Toolbar for Firefox which now turns street addresses into links to Google Maps.

Many thanks to Sue and Paul Drouin Degnan who created this jewel, and extra special thanks to D. D. for many, many things entirely unrelated.

[Farvernügen] USB MP3 car-stereo with SD reader

One of my favorite blogs, BoingBoing, today mentioned a most delightful device: a USB MP3 car-stereo with SD reader, the CA-5555 from H&B. Of course, there's no telling which Chinese factory actually designed and made it..... but here's the spec sheet, en Anglais (PDF format).

This jewel has, not only an ISO-standard sized AM/FM receiver to pop into your dash, but also slots for SD/MMC cards and USB memory drives, so you can load a card or thumbdrive with your tunes and tune out Commercial Radio.

Must find a US vendor, as all the dealers so far offering it are across the pond.

[OS] Error Messages of Windows

The Esteemed First Blogger, rocket scientist and Campbell and Prometheus awards winner, Dr. Jerry Pournelle, stumbled across a nice bit of shareware while looking into external USB HD backup system failures: Error Messages for Windows.

The author describes it as: a small utility that will allow you to look up MS Windows error code numbers and display a descriptive message explaining what the numeric code actually means. If you have software programs that produce numeric error codes now you can find out what they really mean.

Not shabby.

[Web] Faster Firefox & Mozilla for broadband users

Firefox/Mozilla speed enhancements for broadbanders

1. Type "about:config" into the address bar and hit return. Scroll down and look for the following entries:

browser.turbo.enabled
network.http.pipelining
network.http.proxy.pipelining
network.http.pipelining.maxrequests

Normally the browser will make one request to a web page at a time. When you enable pipelining it will make several at once, which really speeds up page loading.

2. Alter the entries as follows:

Set "browser.turbo.enabled" to "true"

Set "network.http.pipelining" to "true"

Set "network.http.proxy.pipelining" to "true"

Set "network.http.pipelining.maxrequests" to some number like 30. This means it will make 30 requests at once.

3. Lastly right-click anywhere and select New-> Integer. Name it "nglayout.initialpaint.delay" and set its value to "0". This value is the amount of time the browser waits before it acts on information it re…

[Mobiles] Free, eBooks, free

If you use a PDA to read eBooks, here's a freebie: eReader will offer a free eBook daily in July.

This is nothing new: Baen Books found that by making eBooks freely available, the paperback and hardback sales of those same books increased. Here's Eric Flint, one of the authors who gave away his own eBooks, describing the methodology he used to study this, and his conclusions as to why free eBooks boosted his sales.

Cory Doctorow also offers his novels for free download under the Creative Commons license at his website, simultaneously with their publication in dead-tree form.

[Mobiles] Cellular Forensics & Data Recovery

The excellent and thorough Tom's Hardware site here reviews a forensic (i.e., legal evidence-grade) data recovery program for cellphones.

Most folks don't believe that their cellphone nowadays is a computer, but it is. There are several standardized operating systems for cellphones. There's PalmOS, Linux, several variants on Microsoft's Windows CE (e.g., PocketPC for Phones, Windows Mobile), and the Symbian Series 40, 60, UIQ, versions 8 & 9, yada, yada.

With a common operating system, comes common data management utilities. That leads to the ability to share knowledge on how the systems work, and what follows are tips on how to hack in and recover data, either data lost by accident or concealed/destroyed with intent. That's long been easy with desktop and laptop systems running Windows, and before that, DOS. Heck, I did this with CP/M waaaaaaaaaay back when, a long time ago in a galaxy far, far away.

NIST created a report last year on recovering data fr…

[Farvernügen] Mah Truck's Smarter Than Ah Am

OK. This is The Future, right? The Twenty-First Century? Where's my Smart Car?

Ever since I read about Gay Deceiver (see model pix) in The Number of the Beast, ah done wanted me a Smart Truck. The SkyCar is optional; all I want to do is to drop my briefcase in the back seat, stick my thumb into the print reader and my eyeball up to the iris scanner, and tell it I'm going to work. Then I sit back, and let it do the driving for me.

Stanley the robot ('autonomous') SUV is getting closer to that highly desirable goal.

Stanley's a pretty-close-to-stock, street-legal (a first for robototrucks) VW Touareg with a miserly and eco-friendly turbo-diesel, in keeping with VW's legendary fuel economy (and, yes, it will run on bio-diesel; would you like fries with your ride?)

It will be entered in DARPA's second Grand Challenge for robot vehicles. Last year's event was comic, with the best vehicle only going eight miles of the 300 mile course before failure, but …

[Environment] You Can't Smell the Global Warming BS Without a Scorecard

Is there really a relationship between Global Warming and Greenhouse Gases? Sure, there's a lot of talk, but when I listen to scientists, I either get healthy skepticism about it (along with a suggestion that a methodical collection of data would be really useful), or a lot of handwaving and airy refutations along the lines of "everyone knows that's so."

Most of the latter don't even realize the Number One greenhouse gas is DMHO, nor do they advocate a plan for dealing with DMHO and its impact on the environment.

Penn and Teller have a better term for the latter kind of science. However, it takes soothing, calm words backed with facts to counter the output of powerful media machines.

There is some useful science going on. One analysis presents major claims by Global Warming/Greenhouse Gas advocates, goes back to the models and data, and from that, created a Greenhouse Warming Scorecard
{snip}Using a Win-Loss-Tie (or W-L-T) scoring system, we estimate the record is…

[Environment] Yet Another Refutation of Man-Made Global Warming

Der Spiegel, a well-respected German publication, here documents that the earth was once much warmer than today, with solid geologic proof, by looking at glaciers in the Alps. The most dramatic change in the landscape occurred some 7,000 years ago. At the time, the entire mountain range was practically glacier-free -- and probably not due to a lack of snow, but because the sun melted the ice. The timber line was higher then as well.

The scientists' conclusion puts the vanishing glaciers of the past 150 years into an entirely new context: "Over of the past 10,000 years, fifty percent of the time, the glaciers were smaller than today," Joerin states in an essay written together with his doctoral advisor Christian Schluechter. They call it the "Green Alps" theory.

Gee, how many SUVs were there 7,000 years ago? How many CFCs were leaking from air conditioners to deplete the ozone layer? How many smokestacks caused that 5,000 B.C. global warm-up?

Folks, the sun is a …

[Robots] Flocks of... computers, flying

The astoundingly prescient Neal Stephenson in his DIAMOND AGE came up with the idea of small, autonomous flying computers, connected in a wireless grid. Well, here's the first real example of a flying grid.

These would, as Neal wrote, be dandy for security purposes, as well as for extending a WiFi net over any territory without ground based infrastructure.

[Mobiles] Carrying hyperlinked documents on a Palm or other PDA

A member of the Studio Audience had a question which I think PDA users of all stripes might find handy to have an answer for. I learned how, because I tote around about a hundred documents at all times, and wanted a good solution for how to make Palm-readable documents.

Originally posted by duugg
I have a large Word doc on my desktop that I'd like to convert over to "some" reader on my Treo. I want this file to have hyperlinks so that I can jump to and back to wherever I want (will bookmarks do the same?, other than hyperlinks taking you to a website, I'm not really sure of the difference).
My suggestion would be to strip as much of the Word cruft out of the document as you can, save to HTML, and then use either Demoronizer or Word Unmunger, depending on the version of Word used. Both fix the awful HTML which Word generates. Then convert it to Plucker.

Is it worth it? Well, download Plucker, install it, and then install some good HTML docs (like Accelerando by Charlie S…

[Hacking] DIY Hacks day

Hope you enjoy this compilation of DIY hacks.

[Society] Hey, Klingons have feelings, too!

A Blog mom here relates her eight year old's allegiance to the Federation, and what that did to the minds of the teachers at his school. What a hoot.

[Robots] We Love Our Roomba: Here Comes Scooba

Scooba now enters the scene, as a floor-washing robot, a companion to the Roomba which Mrs. Jetson and I are both fond of. I have to say, the Roomba service department has been fall-over-themselves helpful with the one problem we had with Rosie, our Roomba.

[Health] Blogs Fight Epidemics

The use of blogs to counter government non-information is discussed in this weblog, and another weblog focuses on avian flu. The Wikipedia entry on avian flu is being used by a Spanish epidemiologist as a clearinghouse for the latest information on avian flu.

[Mobiles] Palm, not-a-hard reset tip

'Day Zero' of the PalmSource Developer's Conference revealed this interesting tip for PalmOS users: If your device locks up with just the PalmOS logo after a reset, you may not have to do a hard reset. Before you get that desperate, try the following: Hold down the "Scroll Up" button and hit the reset button. It will reboot, but not send launch codes to applications. Then do a soft reset to reload everything properly (after removing the offending application if the problem was caused by a new app just loaded.)
So, now we have another kind of reset to add to the myriad of other resets. I'll have to write a PalmApp which shows the difference, so if one Palm fails, you can haul out your emergency backup Palm....

[Infosec] Step-By-Step: Cracking WEP on WiFi / 802.11 networks

Folks, I warned you all before that WEP is no security at all when anyone with any technical savvy wants your data, your network and your information. Now, Tom's Networks has published a two-part cookbook how-to-crack-it tutorial.

Your teenage hacker neighbor has already read this and this, so you, too, should see how easy it is to break into a wireless network without WEP security.

[Mobiles] Free PDA apps: MobileDB & Checklist

Here's a free database for PDAs which synchs to Excel files. You must register with a valid e-mail address to receive the unlock codes.

Checklist is also included along with MobileDB.

No idea how long this will last. No idea what they will do with your name and e-mail.

[Infosec] Cell Phone Security, and Identity Theft Recovery Procedure

When Phones Lie is a Washington Post blog article on the basics of hacking into phone system voice mail. It explains the necessity of requiring a password for access to your voice mail.

And, in a related story, the online magazine Slate suggests a course of action if you are the victim of identity theft.

[Humor] Revenge of the Photoshoppers

A Photoshopping contest has social relevance today. I'll just leave you with one special image.

[Mobiles] New Toy, Free: Blogger Mobile

Google, ever the busy little beavers, has intro'd a blogging service for SMS and MMS users: Blogger Mobile. Details over here.

[Infosec] Fix Your Firefox - New Weakness Requires Changing Configuration

FSIRT (the French Security Incident Response Team) has announced a critical 0-day vulnerability in Firefox 1.0.3, and published working exploit code.

This exploit allows an attacker to execute arbitrary code. If a user visits a malicious page and clicks anywhere on the page, the exploit code can create and execute a malicious batch or .exe file that contains code of the attacker's choosing. Mozilla has not yet released a final patch, but they do have a workaround and an interim patch available.

Until the patch is released, you can avoid the problem by clicking on Tools | Options | Web Features and disabling "Allow web sites to install software". Obviously, that's a good idea anyway. It would also be a good idea to disable Javascript for routine browsing.

Linux systems do not appear to be vulnerable to this exploit, because merely using an executable filename extension such as .bat or .exe does not make a file executable under Linux. So, although the exploit code can still …

[Liberty] Broadcast Flag FCC Mandate Prevented by Court

UPDATE: The Senate Appropriations Committee has decided to butt out and not restore this odious Big Brotherism. Keep checking, as no man's video collection is safe while the Congress is in session.

The Wall Street Journal reported on May 6 the FCC requirement for a 'Broadcast Flag' has been struck down.

That ruling, which was never requested by the Congress, would have allowed television you record to be automatically erased whenever the station, network or studio wished, and also would have enabled a block on digital copying of TV programs. (Of course, several Comcast subscribers have posted on line this is already happening, and several cable companies have been explicit about their plans to do so.)

Fortunately, the First District Court saw reason and ruled that the FCC did not have the right to require a broadcast flag. Ruling in a case brought by the American Library Association, the U.S. Court of Appeals for the D.C. Circuit said the Federal Communications Commission had overs…

Pocket Encyclopedias: More Tools For You

Stumbled across DocReader today, which allows you to read (not edit) PalmDOC .PDB files on your Windows PC.

It led me to a Ring for e-text on PalmOS PDAs which I am sure will be somewhat useful, once I wade through all the fanfic links.

In my earlier post on e-text (et al.), I neglected to mention Sunrise, a Java-based scooper for Windows which automates collecting websites, converting them to Plucker documents and setting them up to install at next sync. Sunrise supports right-click context menu selection of web pages in IE and Firefox. Freeware like Firefox, DocReader and the rest, but requires Java freeware.

Humor: Rules of Computerdom

From Chaos Manor today:

Rules of Computerdom

1. There are two ways to write error-free programs; only the third one works.

2. A printer consists of three main parts: the case, the jammed paper tray and the blinking red light.

3. The programmer's national anthem is 'AAAAAAAARRRRGHHHHH!!'.

4. At the source of every error which is blamed on the computer, you will find at least two human errors, including the error of blaming it on the computer.

5. Beta. Software undergoes beta testing shortly before it's released. Beta is Latin for "still doesn't work."

6. Computer analyst to programmer: "You start coding. I'll go find out what they want."

7. Computer Science: solving today's problems tomorrow.

8. Hidden DOS secret: add BUGS=OFF to your CONFIG.SYS

9. Hit any user to continue.

10. I wish life had an UNDO function.

11. If your computer says, "Printer out of Paper," this problem cannot be resolved by continuously clicking the "OK" butt…

Is That an Encyclopedia in Your Pocket, or...

Wikiwiki is Hawaiian for quick, or 'super-fast'. One public-spirited Portland programmer, Ward Cunningham, came up with the idea of a really simple system for hyperlinked documentation in '95 he called Wiki, and moved it shortly thereafter to HTML and web servers.

Well, it's grown like The Blob. Now, it's a well-accepted system for knocking documentation together quickly, for the ability for anyone to make updates in documentation is very, very useful. Even some advertising-supported websites use Wikis as their primary sources of information.

Some Wikis are locked, without the ability for everyone to update the information, but most are open. That openness and the resulting ease of creating and updating entries far outweighs the occasional crank who posts incorrect data. Most Wikis have volunteers who track changes, and remove them if incorrect later, and many Wikis are inside firewalled corporate networks, which guarantees no unruly outsiders have access.

IMHO, i…

US Bank, Bank of America & Chase still force users to be vulnerable to ID theft

Posted in the highly recommended Risks Digest:
This may have been discussed before, but with the recent spate of DNS cache poisoning attacks and fake WiFi hotspot proliferation I believe it has new relevance.

I was actually rather shocked to find that U.S. Bank, Chase and Bank of America all still *force* users to enter their login and password on an insecure page. This exposes account holders to a great risk of their credentials being stolen. The login forms on their genuine home pages are submitted to a secure site, as they claim.

The problem is that you need security *before* you enter your data. If DNS, a router or a proxy server anywhere along the path to their server were compromised, the login page could be substituted for one that submits to another site or injected with JavaScript that sends info elsewhere, asynchronously, before it goes to the real destination. Without an SSL certificate chain there is no way to verify that the insecure page with the form came from a trusted s…

How Dense Is Your Weblog? Test it here.

Calculate the readability of your web log and see how you stack up. I'm getting a 9.8, which is OK for the tech site, but I have to lower it some for the Clackamas community weblog.

How to Throw a LAN Party

Books and Books and Bucks

If the corner drugstore don't have the book on IPv6 or whatever you're looking for, well, buying on-line's popular. However, if you go to Powell's and shop them against Amazon, you'll find Powell's is more spendy, even though Powell's is Amazon's largest warehousing & fulfillment partner.

This leads one to ponder if further discounts are to be had by looking further. My favorite tactic has been to go to Froogle and type in the ISBN of the book, and then sort from low to high. Other good sources of prices include ABE Books, Bookpool, Books-A-Million, EveryBookstore and Fatbrain. I'm sure I'm forgetting at least one other good source.

Now, isbn.nu and Booksprice are offering comparison shopping of multiple bookseller locations. Kewl.

Update: A well-read friend adds his recommendation of the AddALL service. Kewler.

Update #2: ThriftBooks, an Amazon reseller, now comes out with their own website, focusing on books at extremely low prices.

RealPlayer? Really?

If you use RealPlayer, make sure to get the security patches which solve a 'very critical' security problem.

And, if you have not been able to run it because you use Linux, never fear: Helix is an open source player which uses the same engine. There's a version for Symbian smartphones, too.

Got Spyware?

Spyware (sometimes called malware) is software loaded secretly or sneakily into your system through your Internet web browser.

Visit a site on the net (especially if you use Internet Explorer) that uses ActiveX or other 'improvements', or download a program and install it, and you can find yourself with thousands of new Registry entries and new programs you didn't know were coming, monitoring your Internet use, searching through your personal data and sending that private data off to other sites who can use it for fraud or abusing your credit. No, I'm not kidding.

Firefox and Opera are more immune to this abuse, but they don't stop everything.

Yahoo adds Anti-Spy to their toolbar (though the toolbar also does other things to your system).

Anti-Spyware tools reviewed: 1, 2, 3, 4

And, my favorite freeware tool, Spybot Search and Destroy

Crack your wireless security in 3 minutes

From the Your Tax Dollars At Work Department: Here's a demo of the FBI, using commonly available and openly documented hardware & software to crack WEP 128-bit security in three minutes. Yes, three minutes.

What I tell you three times is true:
WEP is not security.
WEP is not security.
WEP is not security.

Get WPA security now.

Amiga car computer?

If your ride is not adequately pimped-out now, you could do what this bloke did and add a computer into your dashboard (although the choice of computer Stateside might be a wee bit different...)

Marine Corps Blimps?

Yes, the Corps is getting blimps, to use as radio relays in Iraq.

The blimps, called the Marine Airborne Re-Transmission Systems (MARTS), will receive signals through a fiber-optic tether. Then, the airships will transmit messages up to 100 miles away, via UHF and VHF frequencies. Troops on the ground, as well as pilots in the air, will be able to communicate through the blimps.

One airship, first tested in February, is being deployed to Iraq right now (exactly where, the Corps won't say). A second is being readied. The Marines are scrounging up $14 million to buy four more. It may sound like a lot, but it's cheaper than building radio towers -- and having Marines protect those towers.

A MARTS blimp "can run for two weeks before it would need refueling, and can remain afloat in winds up to 50 mph," according to DD. With a combination kevlar/mylar skin, the aerostat can even "handle small arms fire... function[ing] with a 4-inch diameter hole."

And we thought a…

Google improves mobile phone use again, for free

Google's new free service for PDA phones is another winner. Just enter http://mobile.google.com/local into your phone's browser, and you'll quickly see a mobile-friendly home page which asks for your location, and remembers it for subsequent requests (until you change it).

Maps, directions, store locations, even click-through dialing; this thing is slick, and a nice step up from their SMS-based text-only locator.

Text-only from Google? Well, you send an SMS to 46645 {which is GOOGL on a dialpad} and then the name of the store, to get the address and phone numbers back in very short order.

Both are good demos of what a PDA phone can do for you, and will help win the hearts and minds of folks who want 'just a phone.'

Emergency recovery via iPod/MP3 player

Here's a plan to use an iPod or generic MP3 player as a personal jumper cable to make recovery easy from an otherwise fatal Registry or other software-based error. Since you can continue to use the media player for its original purpose, as well as use it for recovery, this is much better than my previous recovery method, the Knoppix disc.

Of course, USB memory has already exceeded the capacity of the CD-Rs I used to make Knoppix and other recovery discs... and one software house has already started marketing a system which copies Outlook and other important documents to a USB memory drive.

Cooking the books of global warming

Friends, you're smarter than the average bear, else you wouldn't be here. You're hams, and other techies, so you've evinced the willingness to use your brains and to study. Please, give me, and your future, a few minutes, and read this text, then visit the sites linked, for it's becoming clear a key element of the scientific basis for a Global Warming problem is rapidly falling apart:

This discussion, BTW, was excerpted from Dr. Jerry Pournelle's blog:

One of the pillars of the case for man-made global warming is a graph nicknamed the hockey stick. It's a reconstruction of temperatures over the past 1,000 years based on records captured in tree rings, corals and other markers. The stick's shaft shows temperatures oscillating slightly over the ages. Then comes the blade: The mercury swings sharply upward in the 20th century.

The eye-catching image has had a big impact. Since it was published four years ago in a United Nations report, hundreds of environment…

Another reason why WEP security isn't security

No wireless network based on WEP provides protection against replay attacks. With the right freeware and an inexpensive wireless card, you can take any captured packet and reinject it back onto the network... creating a back door through the 'security' of WEP. Conclusion: Convert to WPA security now.

How about a phone system, about the size of a laptop?

How about a phone system, about the size of a laptop, with multiple lines, voice mail, et al, serving an entire office? Not only is it practical, but the Open Source software for it is free, using Asterisk on OpenWRT. There's another Open Source project, SIPatH, which complements the Asterisk software which is already finding wide acceptance and will turn a WiFi router with a Broadcom chipset, like the popular Linksys WRT54G, into such a phone system.

Here are a few more notes on Asterisk:
Installing Asterisk @ Home
Configuring Asterisk@Home For BroadVoice

And, on Linux computers even smaller than the Linksys and other Broadcom-chipset routers:
Gumstix computers
Alternative single-board Linux computers

DHS/IAIP Daily Open Source Infrastructure Report

Published in PDF form, it's a daily [Monday through Friday] summary and assessment of open-source published information concerning significant critical infrastructure issues. Each Daily Report is divided by the critical infrastructure sectors and key assets defined in the National Strategy for the Physical Protection of Critical Infrastructures and Key Assets.

You can find it at
http://www.dhs.gov/dhspublic/display?theme=31&content=4252

Today's Cyber-Security Bulletin

Today's Cyber Security Bulletin from CERT suggests if you use Firefox and have not upgraded to version 1.02, you are at high risk. See this link for details. So, update your Firefox, already!

Then, browse through the extensions, which customize and enhance Firefox. Adblock is worth its weight in gold-pressed latinum, as it lets you block all ads from a source, by substituting * after the '.com/' in the URL of the ad you're blocking. It takes a very short time to train your Firefox to ignore ads, but once it does, it's almost as much fun as the 30-sec fast-forward button on my DISHplayer PVRs.

Rant regarding clueless journalist

With all due respect, the National Journal piece "Spectrum Wars" which Dan Gillmor sent to BoingBoing, and which was titled at BoingBoing 'How HDTV killed firefighters, birthed the Broadcast Flag, and screwed America' is (stating things politely) over the top; or, as Col. Sherman T. Potter, USAMC would say, "MULEFEATHERS!"

'Adding to the mounting pressure on broadcasters is the fact that police and fire departments cannot communicate effectively in emergencies.'
That is NOT due to the lack of spectrum made available to them. Forex: The NYPD did an excellent job of communicating on 9-11; the NYFD did not. Same hardware, same software, but very different wetware. It's been well documented that the problem is not missing bandwidth, but systems which are not interoperable.

The NYFD was a 'walled garden', the 'AOL' of emergency communications, and did not interoperate well. Brave men and women led by ignorant, incompetent and don'…