Digital Choke Daynotes

 Sunday, August 22, 2004       mail    link

Well, this looks new. Let's take a short tour of the new features, for lack of anything worthwhile to write about until my brain gets more awake. (I started this post in the afternoon, after a nice lunch, and my body seems to think it would be a good time for a post-prandial rest period.)

I'm using a different font -- Verdana -- in 'extra-small' size (according to Dreamweaver MX). The day bars are now just a simple centered header, with a blue background and white text. The mail and current link links no longer have a graphic, and are in a lighter blue color. The background image is still the same binary numbers, but a slightly lighter color than before. The table above the day header uses the same background image, but no background color. And the images are gone from that table also.

The top of the page also has the blue bar theme, using the "Comic" font as before. The "Reports" area now has dates next to each report, so you can tell which ones are new. (Sudden thought: I bet I could use a PHP script to display the current date of the report file, just in case they are updated for any reason. Have to think about the implications of that.) The "What's a Daynote?" section has slightly new text; hopefully more readable.

The result, I think, is pleasing to look at. But, I've been known to be artistically challenged. I think that the Verdana font is more readable than the Arial font used before. It seems, at least to these eyes, to be a bit clearer. I do need to make some changes to the other supporting pages. And I am interested in your thoughts on the new design; send them via the email form.

I've have not used any fixed-width tables or design features. That is to allow the pages to be read at any width or resolution. These pages are even readable on my wireless iPaq. Not every web site (even among the Daynotes Gang) scales well when viewed on a PDA. For instance, the Google News site has a few problems in PDA mode. There are times when I'll fire up the iPaq in the evening to do a bit of web surfing, rather than the laptop.

I have a laptop tray that I use when surfing wirelessly while sitting on the couch. It's basically a hard plastic tray with a hard foam insert on top, and the bottom is a pillow full of styrofoam beads. It's not very good at blocking any heat transfer from the laptop; only slightly cooler than without it. I haven't found a good laptop tray yet. My requirements are fairly simple. Comfortable to rest on my lap, resistant to heat transfer from the laptop to my legs, and costs under $25. Any ideas are welcome.

Starting to see reports that the 'download.ject' group is back in business. They are sending out links via Instant Messaging (AOL) or ICQ. The links will use the problem fixed by the MS04-025 patch (released July 30) to install trojan programs on your computer. I suspect a similar attack will soon be released via email.

The installed programs are reported to change your IE Home Page, with multiple pop-ups for adult sites. They don't seem to install keystroke loggers / credit card number harvesters like the original download.ject. So the intent seems to be a traffic generator for advertising supported sites. If you can get a bunch of computers to run pop-ups of your web site, that will show as increased traffic for the ads that you have on your site.

If you have installed MS04-025 patch, or Windows XP/SP2, you are safe. Users that have enabled Automatic Updates should be getting the SP2 update Real Soon Now (if not already). Although there are some reported problems with SP2, in my opinion those difficulties are minor compared with the vulnerabilities left open without the patch.

So, you are encouraged to follow the recommendations that I discussed last week.The simple version is:

• Enable Windows Update
• Enable a firewall (and test it)
• Install and keep current an Anti-Virus program
• Run anti-spyware on a regular basis

The longer version is the "Home Computer Checklist" I developed. If you print out that list, and follow the recommendations, your computer should be pretty safe from attack. And you'll have a good documentation point for your computer. That list would also be useful for friends and relatives. You know, the people that call you up and say "Can you help me with a little problem with my computer? It won't take long....".

Finally, I note that today (August 22) is "National Punctuation Day". Which means that I can probably expect an email from "Dan C", my unofficial editor and keeper of the single apostrophe. Even though I have looked carefully at today's post, I suspect I am still punctuationally challenged.

 Tuesday, August 24, 2004       mail    link

A change in the font size today. One reader said that the 'x-small' setting was a bit too small, so I changed it to 'small' (the next size up). I've got my screen set to 1024x768, and the browser set for medium text. I only changed the style for the paragraph format, so the other text is still set to 'x-small'. Comments -- 'x-small' (the bullet items up there a bit) or 'small' (this text) -- which is more readable?

A security warning -- it would seem that Google can find just about anything, even web sites that have not properly secured your credit card number or other personal information.

Readers might find it useful to "Google" for their credit card numbers. Enter your credit card number (no spaces) in the Google search field, and see if any pages turn up. If they do, it might be wise to immediately cancel that card, and contact the credit reporting agencies to place a fraud alert on your account.

Other searches that might be interesting are your address (include the double-quote character, as in "123 main st"), social security number (with and without dashes), and other personally identifying information.

Note that the 'bad guys' are using a 'numeric range' search to look for pages with credit card numbers. This technique uses a '..' between two numeric values. For instance, a search that includes '1000..9999' (without quotes) will turn up pages with any number from 1000 to 9999. Searching for a range of 16 digit numbers could return pages that include credit card numbers.

This 'numeric range' search technique for credit card number can be helpful to the bad guys. One site I looked at had full info on the person's purchase: name, email, credit card number, expiration date, address, phone, etc. There were a couple dozen potentials for credit card theft. Big potential for mischief!

And webmasters might want to use the "site:" parameter of a Google search (as in "site:www.jerrypournelle.com") to see if there are pages that might have confidential information. . (Google will remove such pages if you alert them.)

Try it out. I'd be interested in your results. I'll post them here, properly sanitized, with your permission, of course.

Here's a link for those that might be having problems installing XP's SP2: http://support.microsoft.com/default.aspx?scid=kb;en-us;875355

I spent a bit of time on Stacy's desktop system (a Compaq with XP-Home) getting it ready for her to take back to school. I put SP2 on there, and it installed OK, but the new Windows Firewall wouldn't run. After a bit of troubleshooting, I looked in the system log, and saw that there had been a few disk errors. So I set up a CHKDSK to happen on the next restart, and let that run, which took a bit over an hour. It found a few errors, including some that had files on them. So I used the "Add/Remove Programs" to remove SP2, restarted, then reinstalled SP2. That worked just fine, with the Windows Firewall working just like it should.

The next step was to update the McAfee Virusscan to version 7. Then a full scan, which found a couple of trojans hiding in there, which were promptly deleted. (I prefer to delete, rather than clean.) I had run Spybot Search and Destroy prior to the SP2 install; that came up clean. The computer was a bit behind on the virus file updates (for which she was mildly chastised).

I decided next to get the Ad-Aware program (www.ad-aware.com ; beware of similarly sounding programs). That's running now in the other room while I sit here writing this with the Olympics in the background. Note that I am following the steps in the "Home Computer Checklist". When I'm done with that checklist, I'll make a copy of all the documentation on that sheet -- one for each of us.

I noticed reports that some colleges are advising students not to install SP2 when they first get to school. Seems that the college IT staff are worried about bandwidth flooding, and perhaps some application problems. They are advising students to turn off automatic updates.

I'd say that they should be more worried about people not installing SP2. Let the bandwidth get clogged a bit while everyone updates. SP2 needs to be installed. Unless you want to have more problems on your network, or at home.

 Thursday (morning), August 25, 2004       mail    link

Another day, another change to the style here. I'd been thinking that the 'small' font was too big, but the next step smaller ('x-small') seemed too small. So, by mucking around with some other css style sheets from other sites, I decided to try a font size of 14 pixels. So, that's what the size is for today.

I've gotten mostly positive comments on the new design. But there may be some further tweaking during the next few days.

Looking at other's Cascading Style Sheets (CSS) files is interesting. It's sort of easy to do. First, get to a page that you like. Then use the View, Source command in your browser. That will get the page source code into Notepad. Next, look for the "stylesheet" command; it's usually at the top of the source code. Make a note of the file name of the 'CSS' style. Then put that style name, along with the rest of the page's URL, into the address bar of your browser. That will download the css code into your computer.

On my computer, the CSS source code appears in the Dreamweaver MX program (my 'web page maker program'). You might get a 'download' prompt, or it may go into another program. You might need to associate (or change) a 'css' file with a program (Notepad.exe will do). This is done with the Tools, File Types command in Windows Explorer. That is where Windows figures out what program to use when you double-click a file name.

The result (on my system) is that the CSS code is displayed in Dreamweaver MX. Then I can look at the various settings, and 'borrow' those settings for my CSS style.

The technique of looking at the HTML source code is how I have learned about HTML code (along with some Google searches for HTML information sites; there are lots of them). If I see a nice technique somewhere, I'll try to figure out how it was done by looking at the source code.

On another subject, I had a comment about the "Home Computer Security Checklist" report:

It is not at all clear to me why, in order to be secure on the internet, I should wipe my Linux installation and in its place install an OS that the Department of Homeland Security has warned people not to use due to its massive security failings.

I don't think that I said that. In fact, at the end of that 'to-do list' is this statement:

I know what Mac OS X and Linux are, and I understand that these both have dramatically fewer viruses and spyware issues. I know that some people might also argue that these operating systems have a better security record than Windows, but I'll leave that to the experts to debate. Thanks for mentioning them, but I'm still going to run Windows.

I have no problem with people running Linux, or using other browsers. More power to them. But, for the majority of home users, Windows is what they've got, and they don't have an inclination to figure out a new operating system. It's not that easy (I've mucked about with various Linux distros, and haven't found a compelling reason to switch.) Linux users can be quite enthusiastic about their choice, and tend to be 'evangelistic'; some to the point where they feel/act quite superior to ordinary mortals.

The report is an attempt to educate mere mortals (what Jerry Pournelle calls "my Aunt Minnie") into the proper precautions to take with their computer to protect their information, including financial/personal information protection. If you wish to use Linux or another browser to increase your protection, that might be good for you. Some people just want to have a car that 'just works' with minimal bother. Others want to keep on tweaking their car for that extra little bit of performance. But, no matter which car you drive, you should wear your seat belt, drive defensively, and perform regular maintenance to keep you (and yours) safe.

Finally, today's security warning, previously sent (and posted) to Dr. Jerry Pournelle's pages:

Another worry: automated check payment fraud.

Here's the problem. A bogus company convinces a third-party check processing firm to accept unsigned checks. The checks contain account numbers harvested from many sources, including 'phishing'. The checks are not signed; they have a 'signature on file' authorization (somewhat like a check that is created with on-line banking bill payment).

The checks are then paid, and show up in the user's monthly statement. The charge is disputed, but there are no specific federal rules for resolving disputes involving checks (unlike credit cards, which have dispute rules). Banks are not required to refund the money (although there are some states with rules). Some banks claim that if the account number is valid, they are not responsible.

This technique is quite rewarding. Pharmacy.com was one of the bogus companies that were caught. They brought in $3.5 million (US) before being shut down, even though 70% of their attempts failed due to bad account numbers. Even then, I suppose just the interest on that amount would be rewarding enough.

The US Justice Dept is working on a crackdown on these scam artists; the Washington Post reports that Ashcroft will have an announcement on the crackdown real soon. ( http://www.washingtonpost.com/wp-dyn/articles/A60345-2004Jul18.html )

Prevention / safe practices:

• Check your account's monthly statements carefully. Or frequently looking at activity through your bank's on-line access. (My wife checks on-line daily; we use on-line bill payment extensively.)
• Don't respond to 'phishing' attempts.
• Don't give out checking account numbers over the phone.
• Be careful with on-line checking payments.
• Payments with credit cards have more protection against fraud.
• Talk to your bank to see their rules on check fraud disputes.

"Let's be careful out there."

 Friday, August 26, 2004       mail    link

I took the day off work today to help Stacy get packed for her trip back to school in Idaho. Turns out that I didn't have to do a lot of work, as one of her good friends came over (with Krispy Kremes) to have a last visit and help out. So I took her car over to the local Jiffy Lube for an oil change. Yeah, I could have done it myself, but it would have taken me at least twice as long, and then I'd have to remember to take the oil to the recycler. It's much easier to let the "pros" do it. They weren't too busy, so I was only there for about 45 minutes. I'd brought along a book to read, so the time went fast.

Then to the post office to get a couple of stamps (the check's in the mail, Greg!), then to a Kragen's for some new wiper blades and a turn signal bulb. They had some Turtle Wax car wash stuff (the kind you attach to a hose) for only $2 (regular $9), so I grabbed a few bottles of that. Then a stop at the gas station to top off the tank, and home.

By that time Stacy was through packing, so I just relaxed a bit. She decided that pizza was a good choice for lunch, so a call to the local Round Table resulted in a knock on the door about 30 minutes later (pepperoni, classic crust, garlic twists, for those that are keeping track).

I'd spent much of the last several evenings getting her computers updated. (She has a desktop, and a laptop that used to be her grandfather's). Both are Windows XP systems, so the first step was the XP2 patch. Then an uninstall of the old version of VirusScan, and installed the new version. Uninstalled Office 2000, then installed Office 2003. Installed Ad-Aware and Spybot Search & Destroy, and ran them both. Did a full virus scan. And then added a "Shutdown" icon to the desktop for an easy way to turn off the computer.

That process with the laptop worked just fine. I used the SP2 'full boat' patch that I had downloaded just after it was released. Other than the time needed to install everything, the whole process had nor problems.

The desktop took a bit longer. I started out with the SP2 patch, which installed and rebooted just fine. But the Windows firewall wouldn't start. A couple of the dependent services had problems. So I did an uninstall of XP2, then reinstalled it. Still the same problem.

Then I took a look at the system log, and saw that there were some disk errors in there. So off to the Computer Management program to get a full CHKDSK to run at the next restart after uninstalling SP2. That took about an 1 1/2 hours, and there were a few bad spots found. A restart, then SP2 reinstall, and the Windows firewall worked just fine, along with everything else.

So it was on to install VirusScan (no problems), then the anti-spybot programs (both found lots of cookies, but nothing terribly dangerous), then the Office uninstall/reinstall upgrade. A note on the Office install: I copied the entire Office CD to the C drive, then installed it from there. That way, if any additional features need to be installed, or an upgrade, she won't need to dig out the original CD. (And both systems got the Office SP1 patch).

So, although it took a while (mostly because of the hard disk problem), both systems are well protected. And we've talked about some safe computing practices, which she has been and is aware.

Stacy left about 2pm. She's caravanning with a friend (each have their own cars) to Fallon (Nevada, about an hour east of Reno), where they will stay with her friend's uncle. Then off to Rexburg (Idaho). Not hard direction-wise -- head east on I-80, turn left at Wells (Nevada), turn right at Twin Falls (Idaho), then on to Rexburg. That's about an 8 hour drive (plus stops), so that is not too bad of a drive, although somewhat boring. There is some interesting geology along the way, and you do get to pass through Battle Mountain (NV), which is billed as the 'armpit of America' (which they have taken and turned into a festival, sponsored by Old Spice Deodorant). And they brought along a pair of two-way sport walkie-talkies, so they can gab at each other along the way.

The afternoon was a bit quiet. I did some web surfing. One new stop is Will Wheaton's blog. You might remember him as Ensign Crusher on the Star Trek TV series. He is an interesting writer, much better than me. I spent some time looking at his entries for the last five months; very well done. I may just need to get his book "Just a Geek".

Pam gets to work tomorrow (it's "close out the fiscal year so lots of overtime" time of year), so my job will be to stay home and clean up this place a bit. I'm not planning on spending a lot of time outside, since the high is supposed to be 100F, although I really need to clean off the workbench in the garage.

It was only 95 today. About 4pm, I decided to go to the mailbox (to mail Greg's check; I told you it was 'in the mail'). Since we live in a subdivision, we have a neighborhood mailbox that is about a block away. So I put on a hat, but didn't put on shoes (I spend most of my time around the house barefoot in the summer, socks in the winter). Walked down the sidewalk, across the street, then around the corner to the mailbox, and back again. Did I mention that it was 95 today? And there wasn't any shade? And I had to cross the street? Twice?

It seems that the soles of my feet are a bit tender now. No blisters. But a bit tender.

The walk to the mailbox tomorrow will include shoes.