from nuts and bolts to nets and bytes

© 2022. All rights reserved.

Growing threats to security and privacy

30 Dec 2005

“What is a damn rootkit anyway? I don’t know. Most people don’t know. It will all be forgotten soon!” CEO Sony BMG.

The answer to Sony BMG’s CEO is simple.

A rootkit gives carte blanche to whoever can take advantage of it. That can be Sony or any other cyber criminal! Nothing on the infected PC is safe.

**
The threat of extreme data miners.

  • Extreme data miners are the folks who make or use spyware.
  • Data mining is an accepted practice among advertisers and marketers. Large companies like Yahoo, Microsoft and others are quietly using less extreme spyware tools.

The threat of legal system abuse to protect spyware vendors.

  • Security vendors are being sued by spyware and unsolicited email vendors.
  • As a result the antivirus, antispyware and other security tools are neutered to avoid legal action.
  • Spyware and unsolicited email vendors have also sued the Open Source and volunteer groups.

The threat of uncontrolled, unsolicited e-mail and the coming problem of voice spam over VOIP.

  • The FTC made the clueless claim in December that the CAN-SPAM law was successful. Any drop in spam is due to improved technology and more aware email users. It is more likely that the FTC was coerced into making the claim by the Direct Marketing Association Lobby.
  • I did background checks on a number of vendors who offer outsourcing services for webhosting and email hosting. They promote better security and better control of spam. The majority of those vendors also hosted unsolicited email senders who were currently flooding email systems I am responsible for. That is a conflict of interest in my book.
  • VoIP telephony is a new industry. It is growing along with the greater bandwidth Internet connections. Caution is required when shopping for a VoIP provider. Many providers are basing their business model with a heavy dependency on advertising. That translates into voice spam telemarketing. Read the terms of use carefully.

The threat of extreme copy protection.

  • Copy protection schemes are putting the end user at risk. I respect a company’s right to protect their products but some of their actions are placing end users at risk.
  • The larger the market share that a vendor has the more extreme the copy protection. When a vendor’s product saturates a market there is more return from fighting piracy than investing in sales or customer service.
  • When evalutating software purchases it is necessary to balance the features against restrictive copy protection.

Repetitive stress of the mind

30 Dec 2005

Looking at the symptoms of Aspergers and the various mental issues associated with engineering and other technology types I’m developing the opinion that it is not an problem for psychologists. The drugs used to treat the problems benefit the pharmaceutical companies more than the patients.

After a period of intense coding or troubleshooting I can see these symptoms become more prominent in myself. After a break or change of scenery the symptoms go away. Computer/video gamers show the same behavior. The medical community reported repetitive stress injuries in gamers in the form of wrist problems.

I suspect that what is being diagnosed as Aspergers in many cases is repetitive stress injury of the mind.

Some simple solutions–

  • Bananas! Just look at the vitamins and other benefits of bananas. While I’m no doctors bananas seem to be a better way to go. Bananas have to be better for you than Zoloft. And the last time I checked they were less expensive than the mind altering medications. So you help manage run away healthcare costs.
  • Change your scenery. One good lesson we can take from smokers–NOT SMOKING of course–but the way smokers take smoke breaks during work. Every once in awhile get up and walk around, go out doors or whatever.

Windows “Monad” Shell Beta 2 upgrade problems

30 Dec 2005

Picked up the new O’Reilly book on Monad. After reading a few pages I started the older rev of Monad to work along with the book. Monad started with a bunch of errors and died.

In Add/Remove Programs there were four dot.net libraries–

  • v1.0
  • v1.1
  • v2 Beta 2
  • v2 release version

v2 Beta 2 was installed to support Monad initially. It worked fine at the time. Since then the release v2 was installed for another application. I couldn’t remember running Monad since installing the release version so it seemed logical that might have broken something. So v2 Beta 2 was uninstalled.
Since the book referenced Monad Beta 2, I downloaded the latest rev of Monad. When the new Monad was started it produced this error:

CLR Error: 80004005

Googling the error and searching Microsoft’s website didn’t produce a solution. The 80004005 error was frequently seen with database access and appeared to be related to security access. None of the suggestions helped.

This process worked though:

  1. Uninstalling the dot.net v2 Beta 2 runtime
  2. Reinstalling the dot.net v2 release version

I can work along with the book now.

What is so good about Monad?

  • Up until now the Microsoft command lines were very weak compared to those available in Unix
  • A good command line processor allows you to automate tasks in ways that are impossible from a GUI (graphic user interface)
  • While there are more powerful command line processors available for Windows (like Cygwin) they are a bolt-on that feels more like Unix/Linux than Windows
  • Of the great things about the Unix/Linux command line processors is the ability to pipe the output of one command as text input for another command. Monad can do this as well as piping structured data or objects from one command to another.

A couple negatives about Monad–

  • Monad is a Windows-only tool. It is deeply integrated with the Windows platforms
  • There is a growing acceptance of scripting languages like Perl, Python and Ruby. These languages compete with Monad. As programming languages they are more mature and have a wide user base. And these three scripting languages have implementations on most operating systems.

WordPress 2.0

27 Dec 2005

If only all upgrades went as smoothly…

Does that sound familiar? The last upgrade also proved that the anxiety leading up to the upgrade process was just so much wasted energy.

The image above was easily uploaded and dragged into the posting.  Almost as easy as using Word!

FreeNX – the free NX

18 Dec 2005

FreeNX – the free NX

FreeNX is the Open Source version of NoMachine. No Machine is a remote access client similiar to Symantec’s PCAnywhere and VNC.

Since the NoMachine client can use SSH (Secure Shell) it is very secure. VNC is not secure because all VNC network traffic is sent without encryption. On a small firewalled network that is not much of an issue for VNC but in a hostile environment such as the Internet using VNC is not recommended.

FreeNX is supposed to be more responsive over slower connections. But I haven’t had a chance to test performance.

Setup for FreeNX is more involved than VNC. The question is still open for whether that extra effort is worth the FreeNX benefits.
Because the client for Windows uses components from Cygwin, there’s the risk of conflicting Cygwin versions.
The FreeNX server is Unix/Linux X Windows based. When using VNC the server component can be run on a Windows system so that it can be controlled remotely. There are extra steps involved for connecting a FreeNX client to control a Windows system remotely.