January 31, 2003
Web Browser Guide: Effective Cross-Browser Development

The following chart discusses many of the common activities that need to be performed across a variety of browsers. For each task, the differences between browsers are outlined, and a "safe approach" is suggested as a way to reconcile differences across the browsers.

Easy Firewall Generator for iptables

This program generates an iptables firewall script for use with the 2.4 Linux kernel. It is intended for use on a single system connected to the Internet or a gateway system for a private, internal network. It provides a range of options, but is not intended to cover every possible situation. Make sure you understand what each option in the generator does and take the time to read the comments in the resulting firewall. This generator will not, for example, generate a firewall suitable for use with a DMZ, but it can provide a starting point. For the most common uses the generator should produce a firewall ready for use.

January 30, 2003
Retiring old Microsoft OSes - how it works

The sales rep says: "While we have tested NT on the box, we cannot provide drivers or support for NT due to Microsoft regulations regarding the certification of NEW hardware platforms on old operating systems."

January 28, 2003
rsync: A Backup Strategy for Modern Times

There's a new kid on the backup software block: rsync. rsync was originally designed to replace rcp, the venerable old Unix remote copy program. Because of its sophisticated means of synchronizing and transferring file trees, rsync is widely used for mirroring Web sites. rsync transfers only the changes in files, using the devilishly clever rsync algorithm. It calculates diffs without needing both files to be present. This little bit of magic is described in the documentation accompanying the program (for those interested in such). rsync then does on-the-fly compression, making network file transfers very fast and efficient.
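A toy version of the block-matching idea the blurb describes, added here as an illustration and not code from rsync itself: the receiver sends only per-block checksums of the file it has, the sender slides a rolling window over the new file and emits block references or literal bytes, and the receiver rebuilds the file. The four-byte block size, the 16-bit checksum halves and the sample strings are constructed for the example.

```python
import hashlib

BLOCK = 4          # toy block size; real rsync uses hundreds of bytes
MOD = 1 << 16      # weak checksum is two 16-bit halves, like rsync's

def weak(data: bytes):
    """Rolling weak checksum (a, b) of one block; cheap to slide by one byte."""
    a = sum(data) % MOD
    b = sum((len(data) - i) * x for i, x in enumerate(data)) % MOD
    return a, b

def strong(data: bytes) -> str:
    """Collision-resistant check, consulted only when the weak sum matches."""
    return hashlib.md5(data).hexdigest()

def signature(old: bytes) -> dict:
    """Receiver side: checksums of every full block of the file it already
    has. This is all the sender ever learns about the old file."""
    sig = {}
    for idx in range(0, len(old) - BLOCK + 1, BLOCK):
        block = old[idx:idx + BLOCK]
        sig.setdefault(weak(block), {})[strong(block)] = idx // BLOCK
    return sig

def delta(new: bytes, sig: dict) -> list:
    """Sender side: slide a window over the new file; emit an old block
    index wherever a block matches, otherwise literal bytes."""
    ops, lit, i, n = [], bytearray(), 0, len(new)
    if n >= BLOCK:
        a, b = weak(new[:BLOCK])
    while i + BLOCK <= n:
        hit = sig.get((a, b), {}).get(strong(new[i:i + BLOCK]))
        if hit is not None:
            if lit:
                ops.append(bytes(lit))
                lit = bytearray()
            ops.append(hit)
            i += BLOCK
            if i + BLOCK <= n:
                a, b = weak(new[i:i + BLOCK])
        else:
            lit.append(new[i])
            if i + BLOCK < n:          # roll the window forward by one byte
                a_next = (a - new[i] + new[i + BLOCK]) % MOD
                b = (b - BLOCK * new[i] + a_next) % MOD
                a = a_next
            i += 1
    lit.extend(new[i:])                # unmatched tail shorter than a block
    if lit:
        ops.append(bytes(lit))
    return ops

def reconstruct(old: bytes, ops: list) -> bytes:
    """Receiver side: rebuild the new file from its old copy plus the delta."""
    out = bytearray()
    for op in ops:
        out += old[op * BLOCK:(op + 1) * BLOCK] if isinstance(op, int) else op
    return bytes(out)
```

The rolling update of `a` and `b` is what lets the sender find blocks that have shifted by a few bytes without rehashing every window from scratch.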

Managers secretly undermine IT projects

Secret opposition from local management is a major reason for the failure of enterprise-wide systems such as enterprise resource management.

Speaking at the IT Directors' Forum, held at Cranfield University School of Management, independent consultant Alan Wright, formerly an IT manager, explained that large or global systems are loved by senior managers, but loathed by the organisation as a whole.

"They will only be successful if they change the basic business model, and you can only change this if you challenge local autonomy," he said.

Wright added that big systems also take a long time to deliver, with the biggest benefits at the back end, providing lots of opportunities for cynics to undermine them.

I've seen this happen in schools also.

Microsoft fails Slammer's security test

The messages put Microsoft in an awkward position: The company relies on customers to patch security flaws but the events of last weekend show that even it is vulnerable. In this case, Microsoft urged customers to fix a vulnerability in the SQL Server 2000 software, but it apparently hadn't taken its own advice. Moreover, despite its 1-year-old security push, the software giant still had critical servers vulnerable to Internet attacks.

"This shows that the notion of patching doesn't work," said Bruce Schneier, chief technology officer for network protection firm Counterpane Internet Security. "Publicly, they are saying it's not our fault, because you should have patched. But Microsoft's own actions show that you can't reasonably expect people to be able to keep up with patches."

Read that last line again.

Now, how will your organization fare when MS can't even keep up?

Think about it.

January 27, 2003

BrowserSpy can tell you all kinds of detailed information about you and your browser. Stuff like the version of your browser. What kind of things it supports and what it doesn't support. Furthermore, it can provide you with detailed information about JavaScript, JVM, Java, Plugins, Components, Bandwidth, Language, Screen, Hardware, IP, Cookies, Web Server, and much more.

What will it take?

In an irony that you can be sure Microsoft will not appreciate, it appears that the worm brought down the company's XP registration servers, even as Code Red brought down Microsoft's (unpatched) patch servers.

The problems are manifold: Microsoft ships software with holes all over it. It later ships patches. But those patches are said sometimes to break more than they fix, leading system administrators to be extremely circumspect about applying them.

The whys and wherefores are beside the point, though, and have been for awhile. The fact is that every notable Internet disruption since Robert Morris's 1988 worm, and certainly every one since the Internet has become a widespread part of our lives and commerce, has had Microsoft products at its center. There are no doubt those who would argue that this is because Microsoft products are so pervasive as to be the obvious target. This is no doubt true to some extent, if only because were there less Microsoft software plugged into the Internet the effects of that software's vulnerabilities

January 26, 2003

This is sooooo funny!

January 24, 2003
George W. Bush spoof

January 23, 2003
Failure Is Impossible

"Failure is impossible." With these final words to the National American Woman Suffrage Association, Susan B. Anthony exhorted her fellow suffragists to continue fighting for the goal to which she had dedicated her life. An ardent abolitionist as well as suffragist, she was world-famous for her crusade to extend freedom and legal rights, particularly voting rights, to all United States citizens.

As my contribution to defending voters' rights, which were so widely assaulted during the 2000 Presidential election, this site is dedicated to "Aunt Susan" and to all her spiritual nieces and nephews who continue the crusade.

January 22, 2003

Wikipedia is a multilingual project to create a complete and accurate open content encyclopedia. We started on 15 January 2001 and are already working on 100267 articles in the English version. Visit the help page and experiment in the sandbox to learn how you can edit any article right now.

January 21, 2003
An easy way to improve Colorado's economy

Let me confess that I use a Linux system for my daily work, but I am not promoting it out of self-interest. As long as most of the world uses Windows and its associated programs, then most of the viruses, worms, trojan horses and other computer vexations will be written to attack Microsoft systems. More Linux users would just make Linux a more attractive target for these jerks.

Thus, on a personal level, the more Windows users, the better for me because it makes my personal computer more reliable, and I can get more work done in a day.

CD Backups In Linux (Part Two)

Last week's article left off with a basic CD writing command set that uses mkisofs and cdrecord to make CD backups. This week, let's first look at a few more command options for these programs before moving on to using tar for more complex needs and writing scripts to automate backups.

January 20, 2003
Golden Rules of Consulting

These "golden rules" were developed over the years by Peter and Celeste Stokely of Stokely Consulting. They were presented at Usenix's SAGE/LISA '95 conference during the "Being a Successful System Administration Consultant or Contractor BOF" session in September, 1995. If all consultants played by these rules, Stokely Consulting believes that the world would be a better place to work and live.

January 17, 2003
CSS Panic Guide

Web browsers that don't support web standards are a scandal. As developers, we're the interface between the content and the browsers, so we need to know where the browsers screw up or our pages will fail.

Nice situation, isn't it? We've got users and content providers, and a web with clear standards to connect the two. Then there are all these browsers with their failed standards support getting in the way. If you like paranoia, follow the money and concoct a conspiracy theory or two. Or despair about human intelligence.

Meanwhile, when one of these outfits promotes their "partial compliance", give them hell. Partial compliance isn't compliance, and it's destructive to the web. Users don't know better, but you do. Get loud about full standards compliance.

Cascading Style Sheets, level 1 (With Mozilla Bug Annotations)

This document is a W3C Recommendation. It has been reviewed by W3C (http://www.w3.org/) Members and general consensus that the specification is appropriate for use has been reached. It is a stable document and may be used as reference material or cited as a normative reference from another document. W3C promotes widespread deployment of this Recommendation.

CSShark answers Frequently Asked Questions

This web site answers some of those frequently asked questions, explains some of the basics of CSS, gives you tips and tricks for tackling the problems with Netscape 4, and offers you a tutorial about positioning with CSS (CSS-P, web design without tables). There is also a page with interesting links.

January 16, 2003
Open-Source Windows? Uh, Kinda

Microsoft has no intention of allowing government geeks to freely paw the company's beloved source code.

The company's new Government Security Program will be far more akin to a peep show guarded by aggressive bouncers than a full-blown open-source orgy.

Decrypting the secret to strong security

As for the notion that open source's usefulness to opponents outweighs the advantages to users, that argument flies in the face of one of the most important principles in security: A secret that cannot be readily changed should be regarded as a vulnerability.

If you depend on a secret for your security, what do you do when the secret is discovered? If it is easy to change, like a cryptographic key, you do so. If it's hard to change, like a cryptographic system or an operating system, you're stuck. You will be vulnerable until you invest the time and money to design another system.

January 15, 2003
Efficiently Updating Web Sites on Clusters

Typical strategies for doing these frequent updates were not satisfactory. Either the site would be down for more than a few moments when the update occurred, or the site would be in an inconsistent state during the update. Worst of all, the site could be left in an inconsistent state if the update failed part-way through the process. To overcome these drawbacks I applied a little cross-discipline creativity. By applying the page flipping technique from the graphics world, I was able to achieve a quick and non-intrusive method of updating the clustered web site.

Excellent ideas in this article... I'm sure I can use something like this in one of my projects!
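The "page flip" applied to a web site, as an added example that is not code from the article above: the new release is built in full beside the live one (the back buffer), and only then is the document-root symlink swapped in a single atomic rename. The symlink mechanism, directory names and file contents are assumptions for the example; the article's own mechanism is not shown on this page.

```python
import os
import shutil
import tempfile
from pathlib import Path

def stage_release(root: Path, name: str, files: dict) -> Path:
    """Build the 'back buffer': a complete release directory beside the live
    one. Nothing here touches what visitors see."""
    release = root / f"release-{name}"
    if release.exists():
        shutil.rmtree(release)
    release.mkdir()
    for rel_path, body in files.items():
        target = release / rel_path
        target.parent.mkdir(parents=True, exist_ok=True)
        if body is None:  # constructed failure: simulate a build error
            raise RuntimeError(f"build of {name} failed at {rel_path}")
        target.write_text(body)
    return release

def flip(root: Path, release: Path) -> None:
    """The 'flip': point `current` at the new release in one rename.
    rename(2) replaces an existing symlink atomically on POSIX, so a request
    sees either the whole old tree or the whole new tree, never a mix."""
    tmp = root / f".current.{os.getpid()}"
    if tmp.is_symlink():
        tmp.unlink()
    os.symlink(release.name, tmp)   # relative target, so the tree can be mirrored as-is
    os.rename(tmp, root / "current")

def live_page(root: Path, rel_path: str) -> str:
    """What the web server would serve for rel_path right now."""
    return (root / "current" / rel_path).read_text()

def demo() -> list:
    """Run the update sequence and report what visitors would have seen."""
    root = Path(tempfile.mkdtemp())
    seen = []
    v1 = stage_release(root, "v1", {"index.html": "v1 home", "css/site.css": "body{}"})
    flip(root, v1)
    seen.append(live_page(root, "index.html"))
    try:    # a build that dies part-way must leave the live site untouched
        stage_release(root, "v2", {"index.html": "v2 home", "css/site.css": None})
    except RuntimeError:
        seen.append(live_page(root, "index.html"))
    v2 = stage_release(root, "v2", {"index.html": "v2 home", "css/site.css": "body{}"})
    flip(root, v2)
    seen.append(live_page(root, "index.html"))
    shutil.rmtree(root)
    return seen
```

On a cluster the same two steps run on every node: push the release directory to all of them first, then flip each node, so no node ever serves a partially copied tree.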

Watching a Honeypot at Work

The purpose of this article is to share with the security community the data I collected from my honeypot. There are many papers available that explain how to set up honeypots and the risks one takes when running a honeypot. While this paper will briefly touch upon these topics, it is written for people who want to understand what data a honeypot will provide them. This discussion will include the attacker's recon, the attack, the attempted cover-up, and the reason for the attack on the honeypot.

January 12, 2003
Is Microsoft courting disaster?

So for more than two-thirds of Microsoft's software portfolio by revenue the company is no longer the best price/performance producer, but in fact often has one of the highest purchase costs. Now Microsoft might argue that they have the best features and functionality, and in the case of Visual Studio with its drag-and-drop designers and visual debuggers that may well be true. But not so in the case of Office editions and both desktop and server operating systems. The core features of Star Office/Open Office (they use 95 per cent of the same codebase) are very competitive with Microsoft Office. In addition, OpenOffice adds the non-trivial virtues of cross platform performance including running on versions of Windows that Microsoft no longer supports, while suppo

January 11, 2003
What lawyers can learn from comic books.

There's a lesson in this example that executives in the content industry should think about before they sign away their businesses to lawyers. The law is a rough-edged tool. It was not crafted by geniuses of economics. How it affects new and different markets is uncertain. A smart business therefore asks not whether the use of its content is "theft," but whether the use of its content will (eventually at least) benefit it. The business of business is to make business, not to purify the world of copyright violations.

January 10, 2003
Four Years under the DMCA

Since they were enacted in 1998, the “anti-circumvention” provisions of the Digital Millennium Copyright Act (“DMCA”), codified in section 1201 of the Copyright Act, have not been used as Congress envisioned. Congress meant to stop copyright pirates from defeating anti-piracy protections added to copyrighted works, and to ban “black box” devices intended for that purpose.[1]

In practice, the anti-circumvention provisions have been used to stifle a wide array of legitimate activities, rather than to stop copyright piracy. As a result, the DMCA has developed into a serious threat to three important public policy priorities:

Jawdropping Press Briefing on Iraq from the White House

Q Would the President attack innocent Iraqi lives?

MR. FLEISCHER: The President wants to make certain that he can defend our country, defend our interests, defend the region, and make certain that American lives are not lost.

Q And he thinks they are a threat to us?

MR. FLEISCHER: There is no question that the President thinks that Iraq is a threat to the United States.

Q The Iraqi people?

MR. FLEISCHER: The Iraqi people are represented by their government. If there was regime change, the Iraqi --

Q So they will be vulnerable?

MR. FLEISCHER: Actually, the President has made it very clear that he has no dispute with the people of Iraq. That's why the American policy remains a policy of regime change. There is no question the people of Iraq --

Q That's a decision for them to make, isn't it? It's their country.

MR. FLEISCHER: Helen, if you think that the people of Iraq are in a position to dictate who their dictator is, I don't think that has been what history has shown.

Q I think many countries don't have -- people don't have the decision -- including us.

Truer words have never been spoken.

disruptive technologies

Imagine a housing market in which trees are scarce. In that market, much money is made by the few companies that control the expensive commodity called lumber.

But then imagine that someone discovers a nearby land with bountiful forests ready to supply vast quantities of inexpensive lumber. Suddenly, the once-lucrative lumber trade is no longer the virtual gold mine it once was. Instead, the home builder becomes the chief money maker in the new resource-plentiful housing market.

Has the discovery of cheap resources destroyed the housing market? Not at all. In fact, the new market is likely to flourish because more people will be able to afford new homes at significantly lower cost. Has the market been disrupted by the change? Yes, because those that build the total solution (the house) stand to make more money from higher volumes, while those that provide lumber will only make modest profits on building materials.

Open source does much the same thing to the software industry. It will no longer be possible to charge exorbitant prices for basic software resources. There still will be plenty of room for profit in services, solutions, and even highly specialized closed-source software. But the days of high prices for basic resources will come to a close.

CD Backups In Linux

Burning a disk is a two-step process. First create an ISO9660 image, then burn the image to disk. mkisofs creates filesystems, while cdrecord controls the actual writing to disk.

January 09, 2003
Three Parts To Every Good Bug Report

And the Lord spake, saying, "First shalt thou take out the Holy Pin. Then, shalt thou count to three, no more, no less. Three shall be the number thou shalt count, and the number of the counting shalt be three. Four shalt thou not count, nor either count thou two, excepting that thou then proceed to three. Five is right out. Once the number three, being the third number, be reached, then lobbest thou thy Holy Hand Grenade of Antioch towards thou foe, who being naughty in my sight, shall snuff it."

January 07, 2003
Top Ten Conspiracy Theories of 2002

For these reasons and hundreds of others, the year following September 11 has seen probably the most staggering proliferation of "conspiracy theories" in American history. Angry speculation – focused mainly on government dirty dealings, ulterior motives, and potential complicity in the attacks – has risen to a clamor that easily rivals what followed the Kennedy assassination. Some of these suppositions are patent balderdash. But many others are coherent and well argued, and cite disconcerting reports from the U.S. corporate media and respected overseas news desks to support their claims. Providing grist for the mill are such odd episodes as last year's partisan anthrax poisonings (using U.S. army microbes) and the sniper attacks that recently plagued Washington, DC.

January 06, 2003
Correcting MS and their FUD Machine

This document addresses a presentation colloquially known as “MS-GPL” and described as “a presentation of Microsoft Benelux in Belgium & Luxembourg.” The slides, dated 22 November 2002, purport to be Microsoft's most recent response to the Free Software Foundation's General Public Licence (GPL).

Halloween VII mentioned achieving limited success through publicising Shared Source, and it looks like Dirk Tombeur's presentation is an attempt to leverage that success.

I have only addressed the slides entitled “Areas of Concern” since the rest of the presentation is mainly non-controversial background material. Quotes are taken literally, which means American English spelling; these comments are written in Australian English for the very simple reason that the author happily hails from Down Under and refuses to adjust his spelling to suit 5% of the world's population (at the expense of at least as many others in various Commonwealth localities).

Quoted text fragments from the slides are indented and in Courier typeface.

Stupid people

See, COWC had hired a "technical guy" (I'll refer to him as Mor-On) to take care of their PC network, and he wanted to take over the site because of course he thought we were ripping them off (which we weren't - we were charging them a very modest hourly fee for updates to their site, which they got organized and designed for a song in the first place). We had meetings discussing the possibility of Mor-On using FrontPage (shudder) to maintain the site, which of course wouldn't work because we were using SSI. Also discussed was Mor-On wanting to move the COWC server from WPI, where it was nicely in the happy aerated machine room and hooked up to a high-speed connection, to the closet downtown in their offices, connected to a lowly DSL. Finally, Mor-On wanted to move the site to an MIIS box (shudder), which would of course break the site completely. We wanted out, and so we did.

January 03, 2003
Halloween Document 8

Gentlemen and ladies, this newest leaked memo from Microsoft confirms that we are advancing through GandhiCon Three. As usual, highlights are in red and comments are in {green, also bracketed for the color-blind}. Also as usual, the memo is otherwise unedited and exactly as I received it, with one exception: in the text version I was sent, the last bullet item was inexplicably positioned after the sender sig "Orlando".

Some analysis follows the memo.

January 01, 2003
Life in the trenches: a sysadmin speaks

Management should set the budget and the overall needs. Systems staff need free rein to implement a solution that meets those needs within the budget.

Otherwise, what you end up with is a system that doesn't work very well because it was designed by people who are not qualified to design it. Managers are skilled at management tasks; they know what the business needs of the company are, but, as a general rule, they do not have the knowledge or experience required to make technical decisions.