Saturday, March 05, 2005

Stolen Pacemakers Sold on eBay

Does your doctor shop on eBay? If so, perhaps you want to find a different doc. Here a story about how a stolen pacemaker that was sold on eBay found its way into a patient.

DRAM Prices Slump

Spot prices for DRAM continue to drop, suggesting lower prices by OEMs -- or better deals for memory upgrades.

Peter S. Kastner

IT Holiday: No Microsoft Patches This Month

Microsoft does not plan to release any security bulletins or patches this month. Last month Microsoft issued 13 security bulletins covering 17 security flaws.

Looks like IT (and consumers) get a holiday this month.

Would that this is the start of a trend where Windows is more secure and fewer bugs need patching...but it's only one data point.

Peter S. Kastner

Bloggers not protected by Constitution, says Apple

Apple can force the three website publishers to surrender the names of their sources who disclosed confidential information about the company's upcoming products, says a California judge, noting that blogs and other forms of journalism are not privileged to publish leaked information such as trade secrets.

This one will be appealed, Ladies and Gentlemen. And make precedents.

Peter S. Kastner

UPS: RFID not delivering enough value

After two years of trials, UPS is not seeing the cost and process quality improvements that it was counting on.

There are few, if any, indications that Radio-Frequency Identification (RFID) technology is accelerating in adoption due to numerous and costly problems.

Peter S. Kastner

Virtual Computing Age Arrives Soon

Intel's forthcoming dual-core processors will contain "Vanderpool" technology (VT), hardware that enables new operating-system-like software running in a "hypervisor" to efficiently control multiple operating system instances. AMD will release its virtualization spec this month.

Virtualization allows two key things to happen on computers: running multiple OSs concurrently; and, running multiple users in hardware-protected "partitions" so the users cannot corrupt each other.

Virtual processors have been around in the mainframe and Risc-Unix world for (up to) decades, so the ideas are not new. What is new is that not just servers will get a hardware assist for virtualization. Small business, notebook, and enterprise & consumer desktops will also have the option for virtual processing.

Xeon processors with virtualization are a must-but for enterprises looking at better security on multi-application machines, and particularly for server consolidation. Save those Windows NT Server licenses! They may be valuable. (Just kidding)

Virtual processing will come slowly to consumers
In spite of VT-enabled desktops reaching consumers this summer, almost no consumers will use the technology in 2005. Virtual OS software from market leader VMware is geared to corporate workstations. It may come in a shrink-wrapped box, but it is not conceived as an average-home product. Leading adopters who buy VMware for their new Smithfield computers will find the "gotcha" in this implementation of virtual technology: each OS instance boots into its own real memory. With Windows XP, that means each user partition should have 256MB, plus room for the hypervisor. That means a 3-user home system running VT will require between 1 - 2 GB of memory, raising the price well beyond the mainstream. Ditto for corporate users.

It's not clear what Microsoft has up its sleeve for desktop/notebook virtualization in the 2006 Longhorn timeframe. If MS were able to share OS code (but not data) across partitions, a lot of the memory bloat from redundant code would be minimized. I am not counting on this, however, as the likelyhood is remote. Too complex to engineer. Even Microsoft's server virtualization product is currently an add-on to Windows Server 2003. My take is consumer virtualization with efficient OS support is a generation beyond Longhorn, which means at the turn of the decade.

Peter S. Kastner

Intel Outlines Multi-Core Processor Plans. AMD Responds.

Correction: This blog published an item a week ago from The Register speculating that Intel's 8-way Itanium system for 2007, code-name Tukwila, had been cancelled. Not so, says Intel. In fact, the company committed this week to another generation beyond Tukwila -- but there are no details about Richford, expected around 2010.

MultiCores Everywhere
A total of 15 multi-core CPUs are in the Intel pipeline. All the new processors will support the execute disable (XD) bit, Enhanced SpeedStep or Demand Based Switching, as well as EM64T for 64 bit support. Intel is roughly catching up with all the features AMD has been offering for months, such as the NX bit, Cool & Quiet and 64 bit capabilities. Virtualization technology will be added this year. Next year, server I/O Acceleration and advanced manageability will debut, as well as 65 nm processors.

Intel's strategy is to out-gun AMD in useful but Intel-proprietary technologies, drawing the battle away from CPU speeds and feeds and more into feature set and overall value. Intel is also leading AMD down the lithography curve: AMD is beginning to transition to 90 nm products while Intel is delivering samples of 65 nm parts to OEMs. In getting almost a generation ahead of AMD in manufacturing technology, it will be hard for AMD to (profitably) play the lower price card and win. No bets yet on dual-processor performance, however, an area where AMD has had some success over the past year.

More on Intel's processor plans in this press release. Desktops lead the way in May, followed by Xeon later this year. Dual-processor Centrino notebooks, built on new 65 nm technology, appear early next year. Itanium leads up the rear. More review depth ZD, and The Inquirer. Tom's Hardware conference coverage here.

Meanwhile, AMD wants everyone to know it is doing dual-core too, and may even get to market in the next 60 days. With both AMD 64 processors at 2.4 GHz or better, these should be fast.

Note that Intel went out of its way to show many dual-core server, desktop and even next year's dual-core 65 nm Yonah notebook -- all running Windows XP and applications, many with production microprocessor packaging. Perhaps embarrassed about the Prescott launch disappointments, Intel wanted everybody to know these chips were running (many) months before being offered for sale.

It will be an interesting summer for consumers, sorting out all the silicon goodies now in manufacturing.

Peter S. Kastner

Software Patents Create Havoc in Eurpoe

The software patent scandal -- too many patents protecting what are really common industry practice -- is about to raise hell in the European Union. The EC wants to strengthen patent holders rights. Which means U.S. software patent holders and the open source community need to be very wary. Meanwhile, the big software companies with rich patent portfolios -- think IBM and Microsoft -- may find themselves in a better position to extract their fees or their way on the rest of the software industry. Not a good situation for innovation, especially open source.

Peter S. Kastner

A Summary of SCO's Position Financially and in Regard to the IBM Lawsuit

Business Week Online takes a look at the current state of SCO.

One correction to the article needs to be made; The code SCO recently won discovery access to can not be examined by SCO employees. That would reveal IBM's "trade secrets" to SCO. The code will have to be examined by outside consultants or other parties not normally a part of SCO and at SCO's expense. ALL 1 billion lines of it! SCO cannot pick and choose. They asked for it and will have to report on all of what they asked for.

Jack

Intel on Technology Futures

Interesting reading from a premier technology R&D company. The cover story on platform evolution ten years out is worth reading if you want hints at what your future PC will have in it, and how will it be architected. Based on what I heard at Intel's developer Forum this week, don't be surprised if 2015 microprocessors have 64 - 128 processor cores (some light, some heavy, and some as threads as in HyperThreading).

Peter S. Kastner

Cover Story
Platform 2015: Intel® Processor and Platform Evolution for the Next Decade
Shekhar Borkar, Pradeep Dubey, Kevin Kahn, David Kuck, Hans Mulder, Steve Pawlowski, and Justin RattnerThe future of computing promises a positive transformation of our world, and a continued need of ever-greater performance and capabilities. What will platforms and processors powering this future look like in 10 years? Intel's Platform 2015 vision looks ahead at the trends and usages, and architectural innovation and technology foundation driving Intel's processor architecture evolution, and future platforms based on them.
Feature Articles

Communications
Speeding Up the Network: A System Problem, A Platform SolutionPat Gelsinger, Hans G. Geyer, and Justin RattnerSome of Intel's senior technologists discuss why we created the new Intel® I/O Acceleration Technology, as well as how we're creating other new technologies and solutions that are moving server platforms to new levels of performance.
Intel® I/O Acceleration Technology Improves Network Performance, Reliability and EfficientlyKeith Lauritzen, Thom Sawicki, Tom Stachura, Carl E. WilsonIntel® I/O Acceleration Technology gets data to and from applications faster and with greater reliability and efficiency, enabling servers to finally start taking better advantage of today's gigabit Ethernet pipes and high-performance processors.

Computing Technologies
Fully-Buffered DIMM Technology Moves Enterprise Platforms to the Next LevelJon Haas and Pete VogtFully-Buffered DIMM technology, a new memory architecture, addresses the scaling needs of both capacity and bandwidth and enables memory to keep pace with processor and I/O improvements in enterprise platforms.
Intel® High Definition (HD) Audio and Dolby* PC Entertainment Experience Deliver Consumer Electronic Audio Quality on the PCErnesto MartinezThe Dolby PC Entertainment Experience*, enabled by Intel® High Definition Audio, allows system designers to develop PCs with the audio quality and surround-sound capabilities that, until now, were only available from consumer electronics devices.
Creating High Performance Embedded Applications Through Compiler OptimizationsLerie Kane The compiler plays an integral part in all application development. Read about some compiler optimization techniques that can help developers create high-performance embedded applications.
Intel® Desktop Board Software Provides Advanced Security, Multimedia, Integration Ajay GargIntel® Desktop Boards now come with an extensive set of software applications that make it easier and less expensive to integrate, set up, manage, and maintain both individual and networked systems.

Standards
The Impact of Universal 3D on Product Lifecycle ManagementHitachi Consulting and IntelUniversal 3D allows CAD/CAM-sourced 3D diagrams and animations to be shared, displayed and utilized in any mainstream application, enabling 3D graphics and animations to be used in a host of areas much later in the typical product lifecycle.

Better Apple iPod Mini. Same Price.

I went into the San Francisco Apple retail store last Monday evening as a secret shopper. It was jammed! Some young people were using the line of Macs as an Internet cafe, exchanging e-mail and IM. But lots of bixes were leaving the store.

The new iPod Mini has more storage and improved battery life in the same mini form factor. Expect a few more millions of these to fly off the shelves.

Peter S. Kastner

T-Mobile Phone and Data Hacked

While photos of Paris Hilton stored in her phone have titillating value on the Net, all T-Mobile users should be seriously concerned. Do you really want some hacker to have your contacts and all the e-mail and instant messages that have travelled through your phone? Think about it.

Peter S. Kastner

File Service and Storage for the Common Man

We're steadily moving our lives onto our computers. It's been happening for a while, now, and the trend will only accelerate. There's no stopping it. And with that move comes the problem of data loss and what to do about backups.

I spoke with Peter on the show, a few weeks ago, about Sony's newest home appliance at the time; a server/storage box. Such things are going to be more and more common and the $5000 Sony wants for theirs will come down dramatically, soon. We need such devices. The woman or man with huge stores of media files, personal files and like that simply cannot do a backup onto DVD (much less CDs) in any reasonable amount of time. Expense would prohibit the frequent backups that would be needed, too. If you have a terrabyte of data (not uncommon, these days) you'd need an awful lot of blank DVDs and time to accomplish it.

The solution is a file server with duplicate copies of every file stored on a different physical drive. A RAID array. (RAID stands for Redundant Array of Inexpensive Disks) With such an array, if one drive fails, it can be replaced and the affected data copied over from the duplicate files on it's opposite in the array. Such devices are widely used in enterprises and consumer units are coming soon at affordable prices. You won't avoid backups all together, but you can do them much less frequently with a setup like this on hand.

Of course, if you wish to "geek out" a little bit, you can have such a machine for almost no money beyond the price of the disk drives. You don't need the type of machine which is sold as a "server". You only need an old PC and some new, reliable hard drives. With the low price of hard drives, these days, it won't cost too much. Linux is the operating system of choice for this, though Windows and the various BSD distribution could be used. If you're serving Windows machines from Linux or the BSDs, you'll need Samba installed, too. All that will take up quite a bit less than 100 Megabytes of your space. Let's say you install an array of 4 250 Gigabyte drives. That will run you less than $400, if you shop carefully and wait for sales. $550 at the worst, if you don't.

You may already have the old PC lying around. If not, you can get one easily enough. Anything more than a 486 will do, though frankly something with a little more processor and a bus speed of 100 MHz or more will help. Even so, the requirements and price are low. With a KVM switch or using remote administration software like WebMin, you don't need a monitor, keyboard or mouse attached at all. There are software packages especially for the purpose, as this email I received after one show demonstrates. It's from E.J. Steinhilber;

"hi jack
on the feb 20 show ... you and peter were talking about running a simple server in the home ... i have been using NASLite ( http://www.serverelements.com/naslite.php ) for about a month now and all seems to be working fine ... Naslite boots from a 3 1/2 floppy or cd ... you can use an old machine and put in up to four any size hard drives ... i am using a 120 pentium with 64M of ram and two 250G hard drives ... i was just wondering if you heard about this and would tell us what you think

enjoy the show every week on the mp3 player ... not able to listen live
--ej"

Thanks, E.J. And since you brought it to my attention, I've tested it just a little on a PII 233 that used to be my bedside machine. With four small drives, it worked extraordinarily well and was easy enough to set up that I think anyone willing to read some can do it. Any reasonably accomplished user willing to read the documents, that is. You don't have to be a geek to come off like one, in this case. I need to point out that NasLite is for sale. Though it contains elements of free software, it is not freeware. The prices are low and I think the product is worth the cost. If that doesn't suit you, it is quite possible to do this without cost.

Previously, I had always used a network install version of Debian GNU/Linux. The download is small, about 35 MB (you can even do it via a set of 20 floppy disks) and the rest of the installation can be done using apt-get, the Debian package management system. On top of the base installation, I put Samba and a firewall, setting it to only allow access from a few, trusted, addresses. File system utilities, of course, and a few networking monitoring tools, too. I chose different sorts of remote access software, often relying on plain old telnet. WebMin would be better and there might be something better than that. I hadn't explored this idea too closely, yet. I favor installing things to the hard drive, rather than using a fragile floppy or a cdrom. Suit yourself in this.

If you need to use more than 4 drives via a PCI IDE disk controller card, it might be wise to use more of a base PC as these cards need a lot of cpu to work at anything like their rated data transfer speed. Even a 500 MHz PII or K6 would strain if one of those cards was installed. Trust me; I've tried it. But that still allows over 500 GB of storage on a regular old PC, with duplicates of every file. On a machine that most folks would give away! More than one of those cards will require even more horsepower, of course, but that's getting ahead of ourselves. You could even just take the old PC and set it up without the drive array, just to see how it goes. Then if you like what you see and have convinced yourself you can do this, go out and get the hard drives.

If you give this a shot, drop into the #icug chat on our server (chat.oncomputers.info) and tell us how it is going. The same goes if you have a problem. We'll do our best to help you get going. As always, you can email me at jack@oncomputers.info.

Jack

Dual and Multiple Core CPUs

This week is Intel's Developer Forum and much has been made of their coming dual-core microprocessors. Desktop, server and mobile versions are all in the works and coming very soon. I've always had a soft spot for multiple cpus and have owned a few duallies. The new chips are going to take all the pain out of it for us users, leaving us with the benefits.

What does it all mean? Well, faster processing. Even though the cpus are running less rapidly than a single unit would be, there are two of them and they'll be executing the longer instructions sets permitted by 64 bit addressing (which means more gets done with each clock cycle). Add in fast internal bus speeds (data transfer speeds between various components of the computer) and faster reading and writing hard drives (Serial ATA) and you have the opportunity for a really large drop in the time it takes you to do things. Only some things, mind you. Adobe's Acrobat Reader isn't going to open much faster. But if you're running Acrobat itself and rendering a large PDF, that will jump, in comparison to what your desktop today does with it. Microsoft Office won't open faster. But those huge spreadsheets in Excel will accomplish their calculations much faster. Depending on all sorts of variables, boosts in processing speed will be between 30% and 70%. Even the lower end of that range is impressive. Many of us have bought entire new systems in the past to get that kind of speed increase. Those that realize boosts near the higher end will think they've died and gone to Heaven.

Cd ripping, video editing, CAD and similar high-intensity tasks will show the most benefit from the extra power. But even if you don't do such things, you can benefit. And if you're one of those folks who simply surfs the Internet, reads and sends email and similar lightweight chores, there will always be single cpu systems available at a bargain price.

We aren't going to see double the work being done when we put in a dual-core cpu. It doesn't work like that. "Housekeeping" chores take up some of the increased capability. Even with the increased housekeeping load and the lowered clock speeds, everyone will get the benefit. Just how much benefit will depend on what you do and how you do it. Oh, and how much RAM you cram into the box. (Some things never change.) With a dual-core cpu and Windows XP Professional, I would calculate that the practicable minimum of RAM is up to 1 GB. No less, if you want to rock. Memory is quite cheap and adding it will pay dividends forever, so don't skimp on it.

Linux already supports multiple processors in it's desktop renditions. Just choose an SMP (Symmetrical Multi-Processing) kernel at installation and go. Windows XP Professional has excellent support for two cpus now and I expect that to increase. Mac OS X already has support for dual cpus and it's sweepstakes odds they will encompass support for dual installations of dual-core processors. Things will get much better in this respect, though, as time goes on. Expect optimizations to all three operating systems to make better use - possibly much better use - of the increased resources without any kind of user intervention. Previously, the user had to set things up carefully to obtain optimal performance. Windows XP Professional pretty much put paid to that and Mac OS X took it to it's present height. It just works. Expect more of the same, with the OS even optimizing itself not only for the extra processor but for the jobs at hand.

Applications will change, too. Don't expect the trend to bloated applications to go away, though. There are just too many programmers who feel free to use whatever resources their code needs with no optimization at all and without regard to user experience. But the good apps, like Microsoft Office, Open Office and many more will be optimized for the new environment(s) and we as users will be able to notice. Such optimizations will really make a perceptable difference. As the revised applications become available, we will really reap the benefits of the new hardware. Trust me on this.

There will be new uses for the increased power at our beck and call, too. Think of being able to transparently search and catalog your entire LAN! Current desktop search utilities seem to take a lot of horsepower. I've only tried two, but they were slow in function and ground reasonably fast systems to a near halt. But as home networks grow (think of large collections of multi-media files as an example) some good way to list what you have on the LAN and keep track of locations of files will be increasingly necessary. In combination with a file server/storage utility device, this type of search will become mandatory for those who otherwise would have file systems large enough to make manual searching prohibitive in terms of time and energy consumed. Let the machine do it for you. Already, I know users with a Terrabyte (1024 Gigabytes!) of files. As one puts one's whole life on her/his computer, this need will only grow more acute. Being able to find and catalog what you have is important and will be more so as time and file sizes march on.

The dual-core cpus will be a boon for us all.

Jack

Is This What Business Has Come To?

Sit back for a little tale from the customer disservice department. It appears that customer service is a thing of the past for HP. A friend recently ordered three high end customized laptops. Her experience so far as been harrowing to say the least. She first received miscommunication about restore disks, then it's been a downward spiral to the customer service reps giving her "we're sorry, but that's the way HP does things."

What's truly amazing about this saga, is the fact that none of these reps seem to care about the customer. The first rep "Dennis" wasn't able to give many answers at all. Followed by a lady that wouldn't give her name being flat out rude. So I intervened, fired off a letter to hp's ceo inquiring about looking into these issues. To which, I was quickly responded to with "we apologize" and we'll look into it to see how we can resolve things. Then a 2nd response requesting my friends contact info to help. I was impressed, by the quickness of the response. However, this was a major let down. I had my friend call them directly, and much to my surprise the following events took place.

The first rep disconnected her, the 2nd didn't seem to know how to resolve the problem. Then the 2nd lady (keep in mind neither of these reps identified themselves by name at all) referred her to Collin. Collin listened intently, but the only responses he gave to the questions or concerns raised: "I'm sorry or That's the way HP does things." The question was then raised, "If you can't provide good customer support then what will it be like once I have the computers and need tech support?" Much to her amazement absolutely no reply at all. I feel HP really has dropped the ball on this. So I am going to email them this blog and see if that maybe gets someone’s "attention." If not be prepared, there will be segment on the OnComputers show about this. So that this won't happen to any soon to be computer shoppers.
Till next time...

eBay scrambles to fix phishing bug

Yes, legitimate urls can be used to lead users to illegitimate sites. Not fun. eBay is working to fix it.

Friday, March 04, 2005

Phishing morphs into pharming

Today is the first time I had heard the term "pharming". This article over a month old but it explains pharming.

The surprising thing is that I came across the word in a quote from a Senator who was introducing an anti-phishing act (it would also cover pharming). Maybe the Senate finally has some staffers who understand the Internet and are giving some good advice. Or maybe some Senators are listening to their constiuents and are hearing their concerns. Glory be! Now somehow the DMA and the RIAA will get involved and trash it ;-).

FCC strikes against VoIP blocking

Good news for current and future VOIP users.

ChoicePoint faces inquiry, will curtail data sales

Or my alternate title: Pushing the barn doors a little bit closed with huge gaping gaps after the horse ran off. Enjoy the further escapades of ChoicePoint as outlined in this article.

Distributed Computing Might Be for You!

When I joined Seti@Home in May of 1999, I described it in print as "the common people's last chance to do 'big' science". Oh, how wrong I was! There are any number of distributed computing projects out there to partake in and I encourage anyone with spare CPU cycles to do so. You can check out some of them at the links below. This is by no means an exhaustive list, so if you don't find something that spins your propellor, you well might if you keep looking.

A Google search on "distributed computing" reveals a lot of papers on projects, schemes and structures that I found interesting. The shortest description is to be found at the
Wikipedia entry on the subject.

You can partake in almost any of these projects (some don't encompass all computing platforms).

Search for Mersenne Prime Numbers.
The "Prime95" application this uses is almost a standard stress test for PCs, too.

Folding@home Folding Proteins for Curing Disease.

Distributed.Net Various projects, mostly having to do with breaking and experimenting in encryption.


BOINC, Berkeley Open Infrastructure for Network Computing

Seti@home is gradually transferring to BIONC

Climate Prediction is an effort to improve the long-term accuracy of weather and climate forecasts.

Einstein@home Search detector data for gravity wave evidence of pulsars

The Large Hadron Collider is an atom-smasher at CERN in Europe. You can run calculations to improve it's design.

Predictor.net Uses a distributed network to predict protein structure from protein sequence.

GlobalFlyer -- what now?

I"m sorry for the complete lack of IT news on my part today, but for me this has been a golden day in aviation, and I just can't get my mind wrapped around IT stuff. Oh well, I have used the Web to gather this info.

As I reported earlier, SpaceShipOne will be at EAA Airventure in Oshkosh, WI. Now we have word straight from Sir Richard that the GlobalFlyer will also be there. I've seen a lot of neat things at Airventure including Voyager and Steve Fossett's solo balloon capsule. If you can get there, even for one day, this is a once in a lifetime chance to see them and celebrate these sucessful air and spacecrafts.

Here's an excerpt from the announcement:

March 3, 2005 - On Thursday morning during his press conference at Salina mission control headquarters, Virgin Atlantic CEO Sir Richard Branson was asked about what will happen to the GlobalFlyer.

“It may be a bit soon to be talking about it, but the Smithsonian have expressed an interest in having her (GlobalFlyer), and I think that’s ultimately where she’ll go. But...it will most definitely go to Oshkosh in July." Citing the 75-80 million hits on the GlobalFlyer website yesterday, Branson added, "There’s an enormous amount of global interest in seeing her. I don’t think we’ll tuck her away in a museum straight away.”

Thursday, March 03, 2005

Home Safe

Steve and Global Flyer are back safely!

UPDATE: He's taxiing in. And yes, I'm crying tears of joy.

2nd UPDATE 3/4/05: Late last night I got the final piece of information that many of us have been craving. How much fuel did he land with? According to the Kansas City newspaper the answer, which came from a Scaled Composites team member, is about 1,100 lbs.

Fossett Back Over U.S. Soil

He MADE it! There was some lost fuel early in the trip, and there was some concern that Fossett wouldn't make it over the looooong hawaii, west coast of the US leg of the trip.
But, I'm glad to see he did.

Windows 98, Windows 98 Second Edition, and Windows Millennium Support Extended

Here is the skinny on support for Windows9X from Microsoft!

AlaskaJoe
Windows 98, Windows 98 Second Edition, and Windows Millennium Support Extended

Wednesday, March 02, 2005

Yahoo's 10th Birthday and Free Ice Cream

If you have a Yahoo account, go to your My Yahoo page, click on the birthday link, and get your free coupon for ice cream. Good today only. Sadly, I have no Baskin Robbins nearby, but most of you do so have one on Yahoo.

For everyone, don't miss the link to a copy of the original Yahoo page in 1995 linked from the main Yahoo page (I actually remember that -- plain pages with gray backgrounds -- that was the Web in 1995).

Have fun everyone!

UPDATE: I do have a Baskin Robbins in town so I have my coupon. Yahoo has maps to your nearest Baskin Robbins :-) Why didn't I think of that?

2nd UPDATE: Jim and I went to the Baskin Robbins and got our ice cream. It was fun to sit there and watch the other celebrants walk in with their full page, home printed, coupons.

www.esupport.com update

Well, they just offered me a refund. I accepted the refund, of course. Now Let's see if and when I get it. I will post again as soon as I am sure I have it.
www.esupport.com
Update again.Got an email saying refund issued. I must say a big thanks to this BLOG. I don't think this would have happened so quickly with out it,

Bruce Schneier's Security Blog

Choicepoint's CISO Speaks

An interview with Rich Baich, CISO (Chief Internet Security Officer?) of Choicepoint.
As Mr. Schneier and Mr. Baich point out, its social engineering, not a "hack" , aka technical/computer issue.
This is why there are so many levels to protecting one's information.
And NEVER forget, anything is only as strong as the weakest link!

I forget who I'm stealing this from now, but "Be Vigilant!", always :)


MissM

Tuesday, March 01, 2005

Queen to tap Gates for knighthood

Mark your calendars. Bill will be knighted this Wednesday. Of course he has been and will remain "Sir Bill" in our hearts ;-)

'Perfect storm' for new privacy laws? | CNET News.com

Here's another article that compliments what we were talking about on the last On Computers show. Undoubtedly there will at least be a flurry of new propsed laws that I predict will be fragmented and ineffective, especially after the data aggregating companies get done with Congress.

Sea Launch Current Launch page

After a few "dress rehearsals" the Boeing 702 XM-3 satellite finally made it into orbit yesterday. I watched the live Webcast yesterday evening and it was really exciting to watch a launch that is part of something I use everyday.

There are a couple of real nice photos of the launch and you can watch the archived video as well. This page will eventually be archived so the link to this launch will change to whatever the current launch is, but this is a fun site to bookmark if you are interested in commercial space flight.

As an aside, as I watched the launch live via last evening's Webcast and heard a russian accented voice announce repeatedly "... is nominal" (meaning everything is going as planned and is satisfactory) I couldn't help remember the "Sputnik" days of my childhood. Then came Echo, and Telstar. I remember watching a few minutes live from France way back when on our black and white TV. At that time I could not imagine that communication satellite launches would be considered common. Then again, for the folks at Sea Launch, Boeing, and XM a lot was riding on this launch being a success so no launch is "just a launch" to those who have invested time, money, and great expectations.

More than a few XM Satellite Radio subscribers followed this launch which shows that when it affects your life, it is still engaging.

Virgin Atlantic Global Flyer : Flight Tracker

This morning finds the GlobalFlyer and Steve over North Africa -- Algeria at this moment. I find myself keeping this browser window open most of the time that I'm online. He's really flying high at the moment -- about 47,000 feet. His speed shows 314 knots -- I'm guess that's ground speed but I'm really not sure since the tracker doesn't say. (and for any of you pilot types, I know that's really FL470 which is why I'm guessing about the groundspeed vs. airspeed let alone TAS, IAS, etc. -- gosh I wish they would specify that!)

New Bagle damages security software | Tech News on ZDNet

Here we go again! :( I think this is one of the trojans that is getting past NAV. Once again make sure your Anti-Virus is current and up todate.

AlaskaJoe

New Bagle damages security software | Tech News on ZDNet

upgrade your BIOS? don't go to www.esupport.com

Here's what happened. There was an option to set my mother board clock to 133 MHZ. The board would not boot however when I set it to 133 MHz. I wanted this for a 266 MHz Front side bus frequency for a new CPU.
www.esupport.com has a program called BIOS agent. You run it and it submits info on you mother board CPU etc.... I did this. They say call them. I did. I was told a new BIOS would fix the problem of not being able to have a 133 clock frequncy. Well, guess what? I install their new BIOS. Now 133 MHz is not even available as an option any more.
So, I emailed Tech support and customer service. After 5 emails back and forth, with me telling them 133 MHz was no longer an option. They ask "then why did you order it" ? I replied "because it didn't work at the time and I was told the new BIOS would fix the problem".
I know this is a bit of a rant but, I for one will never trust www.esupport.com again. I was lied to.
Mopguy

Wired News: School RFID Plan Gets an F

This one goes back a way -- to Feb 10, but Jack, Peter and I discussed it on the show yesterday.

I'm the first to admit, that after revisiting the subject, in this case Jack and I were wrong about the information contained on them -- these RFIDs only contained the Student ID number which the school computers then used to track the students. However, when you read about the financial arrangements between the school and the company producing the RFID badges, it still smells. I love this part, "Boylan couldn't say how scanners above bathroom doors would help track attendance. InCom installed scanners outside 7th and 8th-grade classrooms at Brittan and above bathroom doors in a cafeteria. But Boylan noted that the bathroom scanners never worked properly anyway, and the school has since asked InCom to remove them."


At one point the article mentions "School officials could also quickly identify anyone who didn't belong on campus if they weren't wearing an RFID badge." Come again? Does that rely on RFID, or just plain old ID. Unless you have sensors for warm bodies or cameras at the same location as the RFID reader and full time monitoring, how are you going to do that? You recieve a spurious "non-signal" and run out into the hall to find someone lurking without an RFID? Yeah, right.

Wired News: No Encryption for E-Passports

This is a follow up to something we discussed on last Sunday's show. It appears our government officials put their convenience over our privacy. So what else is new?

Virgin Atlantic Global Flyer : Home Page

Here's the link to the main Web site for Global Flyer. As I write this no word of a launch. I've been scanning the news channels -- no joy. Last report at the official site is that there were crosswinds -- very dangerous for a craft like this.

UPDATE: Looks like he was off at 47 past the hour. We were able to get one report of his being at over 6500 ft. MSL and climbing. Steve and Global Flyer are headed for Chicago!

Monday, February 28, 2005

Industry analysts attack plans to increase prices. - Feb. 28, 2005

Yes, just what we all want. To pay more for legal (good) but crippled and limited by DRM (bad) music. What does the music industry not understand? Give us a good product at a reasonable price, we buy. Give us an okay product at a so-so price, we buy. Give us a crippled product at a bad price and we don't buy.

GlobalFlyer Scheduled to Take-off Today

I don't have a link to a dedicated article, but take a look the EAA Web site (title link) for details. If you don't know GlobalFlyer is a Rutan designed, Virgin Atlantic sponsored, and Steve Fossett piloted solo non-stop around-the-world on one tank of fuel attempt. All I can say is Godspeed to Steve and the entire team. Come back safely!

Microsoft to Modify Windows XP Product-Activation Policy

Now I know why I had to call in to Microsoft last week to re-activate my WinXP.

Joe


Microsoft to Modify Windows XP Product-Activation Policy

Geek News Central

"If you’ve ever dealt with PayMaxx online payroll service, you need to get a credit report on yourself ASAP!" excerpt from news.com.com

as an addendum to Peter's post about BofA's loss of tapes, if you will.


MissM

Sad news for XM subscribers....

According to Reuters.com: XM raises rates about 30% in April..
XM, whose shares jumped 13 percent, said the monthly subscription for its basic plan will rise to $12.95 from $9.99, effective April 2. For XM, the leader in the nascent pay-radio market that offers more than 100 channels of music and talk programing, it is the first price increase since its national launch in 2001.

MissM

1001 Postcards : Hurting and Healing (Aunt Edna Virus)

I'm going to admit it. I got this e-mail and since I had a relative with that name, I did a bit of extra checking. I viewed the e-mail safely as text only and saw the IP numbers instead of the URL. Clue number one.

Still, because of the name, I was curious so I went to the http://www.postcards.org site and found this "Aunt Edna Virus" page.

If you have no relative by that name I don't know how you'd ever fall for it. Even with a relative with that name, those who are skeptical first will not have to fix the damages later. Also, if you type the URL in yourself, instead of clicking on the links in the e-mail, it would keep you safe in this case.

Oh, if you are wondering, it appears that you don't get the virus until you visit the bogus Web site. That's why the e-mail is not stopped by nor does it appear as a virus to an antivirus program.

Sunday, February 27, 2005

OCPodcast

This is the On Computers podcast for 02-27-2005. If you prefer, you can download the same file here via ftp.

Bank America Lost Data Tapes: What's Lost?

Bank America recently lost 5 data tapes in air transport to a disaster backup site. The tapes contain data including social security numbers on at least 1.2 account master records. Normally, this would be page 18 news. But the fact that the master files contain account data on 60 U.S. senators and tens of thousands of federal employees who use Bank America credit cards to charge incidental federal expenses. That moves the story to page 8 in the Boston Globe!

The reporting is predictable for the national press. No discussion by technology professionals on the implications and probability of compromised data. The implication is that the tapes contain freely readable text data. Highly unlikely.

Let me go out on a limb with this analysis:
  • It is public knowledge that Bank America credit card applications run on IBM mainframes. Therefore, the tapes are likely mainframe data backup tapes.
  • Mainframe backup software comes from a variety of sources including IBM and Computer Associates. You would need to understand the backup software's data layout and its compression routines to decode the tapes.
  • You'd need an IBM tape drive with the right options for encryption and compression.
  • IBM mainframes have a hardware encryption option, which makes files thoroughly illegible with Triple DES (I made that up, but you can look up the specs at IBM's web site). In other words, the data may be double encrypted and compressed.
  • The data files probably come from an unloaded database. You'd need to understand the database unload format to be able to reconstruct records, tables or rows.
  • Then, with the uncompressed decrypted data, you'd need to map the data to individual records and fields -- without a data map or a program to provide reverse engineering help.

In short, if I hypothetically had those tapes in my hands, it would take tens of thousands of dollars and access to some heavy duty hardware and software in order to -- maybe -- get some private data. Eventually.

So, if you are a federal employee with a Bank America SmartPay credit card, I would not lose any sleep over these lost tapes.

Peter S. Kastner