Search this site:

« November 2004 | Main | January 2005 »

December 31, 2004

Please help

Update: I've changed the date and time on this post so it will stay at the top of my blog through December 31. As of 12:00 noon PST on Wed 29-Dec, more than $2.25 million has been donated to the relief fund through Amazon.com alone. That is an amazing thing. Thanks to everyone who has done so.

Further update: As of noon on Thursday 30-Dec, more than $4.25 million has been donated through the Amazon.com link alone.

I can't even begin to fathom the scope of the tragedy in South Asia. I do know that we can all help by sending some money to the relief effort. I got a few checks for Christmas that I was thinking of spending on some new toys. The toys can wait.

One very easy way to donate is via Amazon.com. The link below allows you to make a direct donation to the American Red Cross. Amazon takes absolutely nothing, and I get no compensation either.




If you'd prefer to donate directly, I've posted a list of reputable organizations in the extended portion of this post.

Look, we Americans are the richest nation on earth. The CEOs of Goldman Sachs and Merrill Lynch this week received year-end bonuses that add up to more than this country has so far pledged to the relief effort in South Asia. If by any chance those two gentlemen are reading this blog, it would be nice for them to kick in a few millions. If you were lucky enough to get a year-end bonus, this would be a great place to share it. Meanwhile, I'll do what I can with what I have, and I ask you to join me.

Donations: Agencies Accepting Aid Dollars

ACTION AGAINST HUNGER
247 West 37th Street, Suite 1201
New York, N.Y. 10018
212-967-7800 x108
www.actionagainsthunger.org

AMERICAN JEWISH WORLD SERVICE
45 West 36th Street, 10th Floor
New York, N.Y. 10018
800-889-7146
www.ajws.org

AMERICAN JEWISH JOINT DISTRIBUTION COMMITTEE
South Asia Tsunami Relief
Box 321
847A Second Avenue
New York, N.Y. 10017
212-687-6200 ext. 851
www.jdc.org 

AMERICAN FRIENDS SERVICE COMMITTEE
AFSC Crisis Fund
1501 Cherry Street
Philadelphia, Pa. 19102
215-241-7000
www.afsc.org 

AMERICAN RED CROSS
International Response Fund
P.O. Box 37243
Washington, D.C. 20013
800-HELP NOW
www.redcross.org 

CARE
151 Ellis Street
Atlanta, GA 30303
800-521-CARE
www.care.org 

CATHOLIC RELIEF SERVICES 
Tsunami Emergency
P.O. Box 17090
Baltimore, Md. 21203-7090
800-736-3467
www.catholicrelief.org 

DIRECT RELIEF INTERNATIONAL 
27 South La Patera Lane
Santa Barbara, Calif. 93117
805-964-4767
www.directrelief.org

DOCTORS WITHOUT BORDERS 
P.O. Box 1856 
Merrifield, Va. 22116-8056 
888-392-0392 
www.doctorswithoutborders.org 

EPISCOPAL RELIEF AND DEVELOPMENT 
Emergency Fund 
P. O. Box 12043 
Newark, NJ 07101 
800-334-7626 
www.er-d.org 

INTERNATIONAL FEDERATION OF RED CROSS/RED CRESCENT
www.ifrc.org 

INTERNATIONAL MEDICAL CORPS 
Earthquake/Tsunami Relief 
1919 Santa Monica Boulevard, Suite 300 
Santa Monica, Calif. 90404 
800-481-4462 
www.imcworldwide.org

INTERNATIONAL ORTHODOX CHRISTIAN CHARITIES 
Asia Disaster Response 
P.O. Box 630225 
Baltimore, MD 21263-0225 
877-803-4622 
www.iocc.org 

ISLAMIC RELIEF USA 
Southeast Asia Earthquake Emergency 
P.O. Box 6098 
Burbank, Calif. 91510 
888-479-4968 
www.irw.org/asiaquake

MERCY CORPS 
Southeast Asia Earthquake Response 
Dept. W 
P.O. Box 2669 
Portland, Ore. 97208 
800-852-2100 
www.mercycorps.org 

OPERATION USA 
8320 Melrose Avenue, Suite 200 
Los Angles, Calif. 90069 
800-678-7255 
www.opusa.org 

OXFAM AMERICA 
Donor Services Department 
26 West Street 
Boston, MA 12111-1206 
800-77-OXFAM 
www.oxfamamerica.org

SAVE THE CHILDREN 
Asia Earthquake/Tidal Wave Relief Fund 
54 Wilton Road 
Westport, Conn. 06880 
800-728-3843 
www.savethechildren.org

UNICEF 
General Emergency Fund 
333 E. 38th Street 
New York, NY 10016 
800-4-UNICEF 
www.unicef.org

Firefox is not a security cure-all

I have lost count of the number of times I have read reviewers telling people that they should switch to Firefox because it is secure, unlike Internet Explorer. This is simply untrue. Mozilla-based browsers are somewhat more secure than IE, for two main reasons: one, they don't support ActiveX controls (although with Service Pack 2, the likelihood of being attacked by an ActiveX control has dropped dramatically); and two, because most virus/spyware writers have historically targeted the IE platform. But the more successful Mozilla/Firefox becomes, the more likely it is that bad guys will start targeting it too. Over time you will see more alerts like this one:

SecurityTracker.com Archives - Mozilla Buffer Overflow in Processing NNTP URLs Lets Remote Users Execute Arbitrary Code

(This vulnerability is fixed in the version of Mozilla that forms the core of Firefox 1.0, so don't worry if you're running the released version of Firefox.)

Virtually every virus and spyware attack in recent memory has taken advantage of a vulnerability for which there was a patch. Windows users who conscientiously apply patches and security updates (a painless process using Automatic Updates) don't get hit. Those who ignore updates become victims.

Firefox does script. It uses buffers. Most viruses and many spyware programs use buffer overflows and hostile scripts to force unwanted software onto users' machines. If you install a copy of Firefox and then don't update it when a security patch comes out, you are vulnerable to these exploits.

The programmers who put together Firefox have done a remarkable job. But I guarantee you they are on the lookout for reports like this one. When (not if) someone discovers a critical flaw in Firefox, they'll write a patch. Will all 14 million people who have downloaded Firefox 1.0 also install each new patch? We'll see.

Update: For news of a later and apparently more ominous security hole that affects Firefox but not Internet Explorer, see “Oops! This Firefox security exploit is a doozy.”

Terminating spyware with extreme prejudice

This first-person account of a reporter's struggle with spyware is amusing and surprisingly accurate:

I can trace the decline of my computer's performance to an ill-advised download over the summer. In a pop-music-induced frenzy, I am embarrassed to admit, I went to www.kazaa.com, downloaded and installed the free file-sharing service, then proceeded to download (a k a steal) Britney Spears's and Madonna's collaborative effort, "Me Against the Music."

I was about to get my karmic retribution. In downloading Kazaa, I had inadvertently opened the floodgates to all manner of spyware. By the end of the summer, even after I had deleted Kazaa and installed Norton AntiVirus 2004 - which took care of the virus-related part of the problem - I was unable to open Internet Explorer without being deluged with pop-ups enticing me to buy everything from herbal weight-loss pills to obscure business publications.

My home page would mysteriously try to redirect itself to a site called badgurl.grandstreetinteractive.com. Little gray dialog boxes would pop up in the center of my screen to inform me, shockingly, that my computer might be infected with spyware. Then it would crash.

I really couldn't relate to the melodramatic descriptions of how intimidating the process of wiping and restoring a hard drive is, however. But I guess for people who don't do this for a living, that's a big deal.

December 30, 2004

Digital rights (and wrongs)

In a previous post, I included a snippet that linked to Chris Anderson's blog The Long Tail. (Chris is editor of Wired magazine.) After I posted that, I read a little more. I've been meaning to write about digital rights lately but haven't found the time to set out a coherent thought on what can be a very controversial topic. So I was pleased to find this statement, which pretty much matches my thoughts:

Like Larry Lessig and his Creative Commons project, we believe in the value of protecting intellectual property rights, but we're opposed to overzealous extensions and implementations of those protections. Copyright good; infinite copyright bad. Piracy bad; treating everyone like a pirate worse.

But equally, we believe in putting the consumer first. Consumers want more content, easier-to-use technology, and cheaper prices. If some form of DRM encourages publishers, consumer electronics makers and retailers to release more, better and cheaper digital media and devices, that's not necessarily a bad thing. This is just being realistic: much as we might want it to be otherwise, content owners still call most of the shots. If a little protection allows them to throw their weight behind a lot of progress towards realizing the potential of digital media, consumers will see a net benefit.

The real question is this: how much DRM is too much? Clearly the marketplace thinks that the protections in the iPod and iTunes are acceptable, since they're selling like mad. Likewise, the marketplace thought that the protections in Sony's digital music players (until recently, they didn't support MP3s natively) were excessive and they rejected them. Indeed, we were one of the first to criticize Sony in a big way for getting that balance wrong.

Let me put my biases right out front. I spent 20 years working for print magazines, and I've been writing books for more than a decade. In a sense, I am in the same business as musicians and movie makers, with a crucial difference: Anyone with the right software can make a perfect digital copy of a CS or DVD, cheaply and at essentially zero cost. You can't make a perfect copy of a book or magazine unless you own your own printing press, and the cost is more than most people can bear. For now at least, it's easier to buy a book than to print your own copy. And even though all the books I've written in recent years have also been available in electronic versions, I guess people still like to turn pages and scribble notes in the margins, which you can't easily do with an e-book.

When perfect copies are easy and free, the temptation to make copies and pass them around is overwhelming, even for people who are basically honest. So, like Chris, I understand the need for protecting digital media. But as soon as any company decides to use DRM to protect their rights, they have a responsibility to make it not only possible but effortless for me to exercise the rights I buy from them. I should be able to make archival copies. I should be able to play music on a portable player and a car stereo and my home music system without paying for it three times, and the TV shows I record for personal convenience shouldn't expire unwatched just because I'm on a vacation that lasts more than two weeks.

I think the Electronic Frontier Foundation is doing excellent work, but I don't agree that all media should be free to copy by anyone, anywhere, at any time. Reasonable restrictions are just fine with me. It's too bad the entertainment industry (movies and music) is run by people who don't seem willing to be reasonable about much of anything. That's one reason I listen to a lot of music by artists on independent labels. I'd love to see an equally healthy independent movie and video industry that could tell the big studios to shove it.

Spyware in WMA files? Color me skeptical...

The normally reliable Techdirt admits that the following story raises many more questions than it answers:

Is The Recording Industry Hiding spyware In Windows Media Files?

When the recording industry first tried to get politicians to shut down file sharing networks, they went with the "it's stealing music" line, which generated some interest, but most people didn't seem to pay attention. Then, the industry suddenly became oh-so-concerned about the fact that child porn was on these systems, and tried to convince politicians they needed to stop file sharing for the "sake of the children." Lately, it seems the industry will do whatever it takes to make file sharing systems look bad. With that in mind, it makes you wonder if they'd go so far as to specifically hide spyware on file sharing networks just to upset users. It's not entirely clear if that's what happened, but it seems like the most obvious explanation for the following story, which was found on Broadband Reports.

Overpeer, a subsidiary of Loudeye, has been caught hiding adware and spyware within Windows Media files. Overpeer is the same company that the recording industry has hired in the past to dump fake versions of songs on file sharing networks. What the article doesn't answer is whether or not the industry hired Overpeer to dump spyware on the network as well, but it's likely they're pleased either way. Overpeer defends their actions by saying that anyone obviously deserves what they get because, obviously, they were looking for unauthorized files. It's not clear that everyone would agree. Sneaking malicious files onto someone's computer because "they deserved it!" doesn't seem like a very good justification.

What may be even more important to this story, however, is the revelation of just how easy it is, thanks to a huge loophole in Microsoft's copy protection technology, to include a malicious file with an audio or video file. Basically, because Windows DRM needs to look for a license, all anyone needs to do is point that license to a website that loads malicious content and off you go. Thank you Microsoft, for creating a huge loophole that will probably make sure millions of new computers are loaded with spamming, DDOSing trojans shortly. Thank goodness for that Microsoft DRM, huh? Not only does it not protect any actual property while making things more expensive, it opens up plenty more people to malicious attacks.

OK, first of all, folks have been making similar allegations about Overpeer since 2002, as a quick search will reveal. I don't know if it's true, but if so then they should be prosecuted. Period.

However, I am always very suspicious of stories like this, where the underlying facts are impossible to replicate. I know enough about the way SP2 works to know that what is being described here shouldn't happen on a system with SP2 installed, and I've read enough bad journalism from PC World and similar mainstream sites to be suspicious of the underlying facts. In particular, there is no way that Windows Media Player should be able to load an ActiveX control, because of the security zone it runs in. So color me skeptical...

And no, I do not agree that if you use Kazaa you deserve whatever you get. But if you use Kazaa or any underground file-sharing system to randomly troll for files from a worldwide network of untrusted services, you should expect to be attacked often, by the state of the art in malware. Likewise, if you spend enough time trolling in the porn underground you should expect to fight off a steady stream of pop-ups and attempts to load spyware. Is it right? No. Is it real? Absolutely. This is why I refuse to provide support for any friend or family member who uses Kazaa unless they agree to remove it from their system and keep it off. And you know what? It works.

Update: I see this story has now been picked up by Boing Boing, which means it will get a lot of publicity. That's unfortunate, because the original story is just so murky.

Further update: I've received a sample file and have done some tests. Read the results here.

December 29, 2004

MCE add-ins: My Weather, My Netflix

Ryan Hurst has put together some excellent add-ins for Windows Media Center 2005. I just installed one that provides local weather data from the Weather Channel and another that lets me browse and edit my Netflix queue using the MCE 10-foot interface. Very cool! (If only they worked with a Media Center Extender...)

December 28, 2004

More on Media Center performance

Thomas Hawk has an interesting analysis of how Windows Media Centrer Edition is doing today. In Media Center PCs So Far Not In Starring Role, he points to a Reuters article and writes:

There are two major problems that I see with Media Center Edition as it stands now.

1. The decision that was made NOT to aggressively pursue HDTV capabilty early in the process and still eludes the product today while satellite and cable providers are aggressively offering HDTV DVR products and even getting into the business of marketing HDTVs directly.
2. The fact that as it currently stands, Media Center Edition demos horribly in my home due to the extremely slow performance of "my music". As a hopeful evangelist for the product every person that I show the system to in my home, and there have been many, are put off by the long wait times associated with playing music on the system.

Until these shortcomings are addressed, I agree with the article that Media Center will not see widespread adoption.

I have more than 12,000 songs on my Media Center PC and do not see any of these performance problems, as I posted several weeks ago.

I'd be interested in doing some tests to see what the nature of Thomas's issue is. But perhaps one reason Microsoft doesn't appear to be addressing this as an issue is that it is hardware or format-specific.

As for HDTV, I agree with Thomas that this is a stumbling block for adoption of MCE. After all, the same early adopters who are drawn to Media Center are also going to lust after HDTV performance and resolution. But the cable and satellite companies really hold all the cards on this issue. If I want anything other than over-the-air HD, I have to use a PVR from my cable company or buy DirecTV with Tivo. There is no other way to get the HD signal from the cable box or satellite decoder to a third-party PVR. And that's the way the cable and satellite companies want it, because it means they have lock-in.

As it stands, I now have four choices for my living room:

• HD-PVR from my cable company (inadeuate storage space and terrible software)
• Media Center (wonderful with music and pictures but expensive and only does over-the-air HDTV)
• TiVo (awesome interface but doesn't do HDTV at all)
• DirecTV with Tivo (very expensive to buy, and much more expensive than cable for me).

So which set of compromises do I make?

Update: Thomas adds some great comments below. He also has some more performance-related questions about Windows Media Player here.

Is anyone from the WMP team reading this? Scoble? Matt Goyer? (I'd link to you, Matt, but your blog is broken...) Anyone?

Why are people confused about PC security?

Maybe because they read articles like the one in this morning's Washington Post, entitled Trouble Can Be Downloaded Along With Music. The competition is pretty fierce, but I rate this as a strong contender for the worst piece of computer journalism of 2004. The author clearly understands nothing about music downloading, viruses, adware, spyware, and related technologies. But that doesn't stop him from delivering eleven paragraphs of pure confusion.

Here's a sample:

[T]echnology security experts warn that many of this holiday season's millions of newbie MP3 player owners don't know what dangers lurk behind some music.

"The risk has skyrocketed," says Kraig Lane, group product manager at the computer-security products manufacturer Symantec. "The bad guys are putting evil agents into music files and even videos that we are downloading. Music files especially. And you don't know it's there."

The big problem is that some music services -- particularly the free and legally questionable peer-to-peer (P2P), file-swapping networks like Kazaa, BearShare and LimeWire that connect millions of home-computer users -- deliver something in addition to free software and music. They sneak in adware -- or, even worse, viruses and spyware.

Even reputable online music stores sometimes install adware....

The author then goes on, just a few sentences later, to mention iTunes, eMusic, and Wal-Mart's music store. Do any of those services deliver viruses? No. Do any of those services bundle adware or spyware with their software? I don't think so. But anyone who reads this story is bound to be thoroughly confused, and alarmed for no good reason. My goodness, they better not download any music, and they better buy some software to protect themselves from all that evil adware and spyware. Hmmm. Which software to buy? Well, the only "expert" quoted in the story is some guy from Symantec, and the author approvingly mentions not only Symantec's online spyware-scanning service but also its Norton Internet Security.

And what's this crap about "evil agents" in music and video files? You mean downloaded files that claim to be music files might actually be executable programs? Or does "evil agents" mean something else? We simply don't know. But if the guy from Symantec says to be afraid, well, we should be afraid. Oh, and we should buy Symantec's software, right?

Good lord, no wonder people get confused by this stuff.

December 26, 2004

You can help

This past summer, Judy and I visited the Pacific Tsunami Museum in Hilo, on the Big Island of Hawaii. We learned an amazing amount about this terrifying force of nature.

Which is why we were so spellbound by today's devastating quake and tsunami in South Asia. I was happy to learn that my friend Woody Leonhard, who lives in hard-hit Phuket, is OK. But 11,000+ people were not so lucky, and literally millions of peopleare homeless tonight. If you have a few dollars to spare, I urge you to send some to Save the Children. They do good work, and they need our help now.

Got a notebook? Get this...

One of the best purchases I made in 2004 was Kensington's unusual and incredibly well designed notebook holder. It's a simple platform that contains USB, keyboard, and mouse ports. You slide your notebook PC into the bracket, plug in one USB connector and a power cable, and you've instantly transformed your notebook into a desktop. The bracket hides the notebook keyboard elegantly, and the notebook screen ends up at a perfect height, just as if you had a separate flat-screen monitor.

If you own a notebook, check it out. Amazon has this item for an excellent price, with free shipping and a $10 rebate.

December 24, 2004

More Dell: For better or worse

I used to work with Jeff Prosise years ago, although we haven't seen each other in a while. So I felt a little extra twinge of sympatico when I read his account (via Scoble) of Dell Hell:

A few weeks ago I wrote that my system was mysteriously rebooting itself from time to time. Little did I know that that was just the beginning of the biggest PC pain I've ever experienced. I'm finally back up and running tonight after three days without my primary PC. Here's a summary of what happened--and a word of warning to anyone who buys an on-site service warranty from Dell.

The thing that surprised me most about this story is that it wasn't the power supply on his Dell 4600 that went bad. I've had lots of reports from people who had their systems mysteriously die shortly after the warranty expired. They're especially unhappy that no one in Dell's worldwide support empire seems to understand that this is a common problem.

Anyway, Jeff's story is yet another illustration of how difficult it is to work with Dell's support bureaucracy. He was persistent, and got what he needed. And the same thing happened to me recently. Remember my neighbor Jerry's Dell 4100? Its case fan (a proprietary part) died, and I couldn't find a replacement anywhere. Way more than a dozen calls to Dell turned up no help and only frustration. Until I finally connected with Diego, a "case resolution" specialist who works out of Dell's Buenos Aires office. Diego listened to my story and promised he was going to see it through and make sure I was taken care of.

Sure, I said. I've heard this before. And then guess what? Diego came through. It took a week for him to track down the part I needed. Every morning I got a phone call in which he informed me of the status of the search. When he finally found the part (at a third-party company), he gave me the details, told me to order it, and promised that he would have my charges reimbursed. And he did exactly that. Parts arrived, computer fixed, charges reimbursed. I got one final call this week from Diego, just checking to make sure that everything was OK.

If anyone at Dell is reading this, please make a note. This is how customer service is done. I shouldn't have had to call so many times or lost my temper to finally reach someone who could solve the problem. But I'm glad I stuck with it. Thank you, Diego.

December 23, 2004

Bellissima!

Thanks to Mavromatic (a blog I had never heard of before) for this pointer to the Teatro D1 - The Super Media Center 2005 PC.

Unbelievable! This is one sexy Windows Media Center PC. The TEATRO D1 is like any finely crafted Italian product. It sports a built-in 7" 1280x720 VGA touchscreen, dual layer DVD burner and 500gb of HD space. You can record two shows at once (also has a FM tuner). The TEATRO D1 has integrated Wi-Fi, great for older homes where Cat5 is not easily pulled. I can't read Italian so it's hard to navigate the OnCinema site to find out more information... like pricing... but I expect this thing to be in the $3-5k range. The TEATRO D1 comes in silver (pictured) and black. It seems like all the really cool stuff in this space is coming from our friends in the EU. Which kind of makes sense, since Europeans have always been known for there love for quality and sexy styling... I guess we are known for $29 Target DVD players and Cheetos.

I've been studying Italian this year, so I was able to stumble around the Web site, understand most of the text, and determine that this baby would set you back a cool 5000 Euros, which at current exchange rates is about $6750. Mamma mia!

The good news is that you can buy a similar looking case from A-Tech Fabrication and build your own for considerably less. They'll even install the touch screen for $400...

Thanks to James Fee at Digital Media Thoughts for the pointer.

Security alert for Windows XP

Here's a disturbing report of a Cross-Site Scripting Vulnerability in Internet Explorer, from Secunia. Note that installing SP2 alone will not protect you from this problem, although it does offer a useful tool to fix it temporarily.

Clicking the test link on their page opens an IE window that contains their own content, with "https://www.paypal.com/" displayed in the Address bar and an authentic-looking SSL padlock icon in the status bar. (Clicking the test link in Firefox does nothing.)

This test page, of course, does nothing. But if it were an actual phishing attack, it would be possible for a bad guy to convince you to give up personal information like a password or a credit card number in the mistaken belief you were actually at a Web site belonging to your bank, PayPal, Ebay, or another trusted site.

To protect yourself until a patch is released, do the following.

1. From Internet Explorer, choose Tools, Manage Add-ons. (If you don't see this menu choice, you don't have SP2 installed, and you have bigger problems!)
2. Scroll down the list and select DHTML Edit Control Safe for Scripting for IE5.
3. Click Disable.
4. Click OK to close the dialog box, and then restart IE.

Even if you normally use Firefox, I recommend that you take this precaution until a patch is available.

If you have an application that needs to use the DHTML Edit control, there's a fix that allows this ActiveX control to be used safely, but it's too complicated to list the instructions here. Leave a comment if you are in this situation.

If you use an earlier version of Windows, you should disable ActiveX.

Update: The DHTML Edit Control is in every version of Windows XP, but it won't appear in your list of add-ons until it's actually loaded by a page. Go to the Secunia test site and click the link to their test. After you do that, you can disable this control.

December 22, 2004

Your jukebox, uncensored

I've seen this several places, and it's a cool idea:

1. Open up the music player on your computer.
2. Set it to play your entire music collection.
3. Turn on the "shuffle" option.
4. Tell us the title of the next ten songs that show up (with their musicians), no matter how embarrassing. That's right, no skipping that Carpenters tune that will totally destroy your hip credibility. It's time for total musical honesty.
5. Write it up in your blog or journal and link back to at least a couple of the other sites where you saw this.
6. If you get the same artist twice, you may skip the second (or third, or etc.) occurances. You don't have to, but since randomness could mean you end up with a list of ten song with five artists, you can if you'd like.

Here's my list (album names in parentheses). It could have been much stranger.

Dusk
Lara and Reyes (Two Guitars One Passion/Spain)

Green Onions
Booker T & The MGs (Elemental R&B/Shimmies and Shakes)

The Boy Feels Strange
Melissa Etheridge (Never Enough)

Knockin' On Heaven's Door
Bob Dylan (MTV Unplugged)

Ramblin' On My Mind
Jesse Colin Young (Greatest Hits)

Seek Up
Dave Matthews Band (Remember Two Things)

Trip to Skye/Darach Debrun's
Eileen Ivers;John Whelan (Celtic Odyssey)

Sun Risin' Blues
Big Joe Turner (Big Bad & Blue: The Big Joe Turner Anthology Vol. 1)

Tangled Up in Blue
Bob Dylan (A Million Faces at My Feet, bootleg)

Allowa Kirk/Traditional Strathspey/Princess Royal/Douglas' Favourite
Ashley MacIsaac (Fine Thank You Very Much)

Thanks to A View from the Classroom, The Hypothetical Wren, and 42 for the idea.

December 21, 2004

Charge for security features? No, no, no!

CNN reports that Microsoft may charge extra for security software:

Microsoft Corp. disclosed plans Thursday to offer frustrated users of its Windows software new tools within 30 days to remove spyware programs secretly running on computers. But it might cost extra in coming months.

In a shift from past practice, the world's largest software manufacturer said it may charge consumers for future versions of the new protective technology, which Microsoft acquired by buying a small New York software firm. Terms of the sale of Giant Company Software Inc. weren't disclosed.

No, no, no! Security features in the operating system should be free. Period. Anyone running Windows should get the code that prevents their computer from being compromised. The goal should be 100% adoption, and charging extra for security features means settling for significantly less than that goal.

Anti-spyware software compared

Just ran across this comprehensive Feature Comparison of popular anti-spyware programs.

As spyware and adware have become increasingly powerful and difficult to remove, developers of anti-spyware programs have added a wider range of functionality to their applications to give users more powerful tools as well as greater control over those tools. Moreover, although anti-spyware applications have long resembled standard anti-virus applications in many way, they have also started to acquire their own distinctive set of features in order to help users deal with the unique problems posed by spyware and adware. Given the bewildering array of programs and features available to users looking for anti-spyware applications, users may find it difficult to usefully compare anti-spyware programs and their feature sets.

Giant Anti-Spyware, which Microsoft just purchased, gets particularly high marks. Unfortunately, the product was pulled from Giant's Web site as soon as the acquisition becamse official. It'll be interesting to see what it looks like when it returns in January.

Sure. Macs are easier. Uh-huh...

As long as I'm sticking my toe into the Mac waters... I ran across this post from Jeffrey Zeldman today, which explains how users of Mac OS X can safely update to the latest version of their OS. (In other words, install the latest Mac service pack.)

Apple's 10.3.6 update to OS X Panther worked wonderfully well for many users. But it created problems for many others, including slow startups, bizarre internet connection delays, and the sudden failure of networked drives.

Apple has just solved that problem by introducing version 10.3.7, which unfortunately creates problems for some users including slow startups, bizarre internet connection delays, and the sudden failure of networked drives. Oops.

The recommended procedure for installing this service pack ... er, update involves the following steps:

• Use a third-party tool to delete all cached fonts
• Use another third-party tool to "repair permissions, run cron scripts, prebind the system, and clean system, user, and internet caches"
• Run a full backup
• Turn off all third-party startup items and
• Remove all external hard drives from the desktop

At that point, you're ready to perform the update. Apparently you need to hold your breath and face Cupertino while you do this, because after the update is complete you have to delete the font caches again, use that third-party tool to do all those bizarre techie tasks, slowly bring back the third-party startup items, and then...

After working with the Mac for a while without experiencing problems, run another full backup.

OK, can anyone explain how this is less complex for the average person than installing Service Pack 2 for Windows XP?

As long as we're covering flame wars

You want to read a rant? A really great rant? Steve Gilliard is your man. Compared to Steve, Lewis Black is Mr. Rogers.

Steve is angry at Mac fanatics who insist that replacing your Windows PC with a Mac will solve all your problems. I've put the excerpt from Steve's rant in the extended portion of this post, which means you'll have to click once if you want to read his words and the rest of my remarks. If you're offended by earthy language, don't click. Me, I use some of those words on a daily basis, and they seem particularly appropriate here. (This isn't basic cable, folks.)

Now, I own a Mac, but the problem with many Mac owners is that they live in a state of blissful ignorance and their missionary work grows annoying over time. Some Mac users know a lot about machines, but the loudest ones don't. Their solution is always "get a Mac" when they really need to shut the fuck up. Windows has some specific, minor problems, which can be solved by minor tweaking. Not by buying a new machine.

I am far from impressed when someone, who actively avoids buying a machine they have to work with, tell me that if I buy a Mac, I won't have any technical problems. That merely confirms that they don't know what the fuck they're talking about. My friends did tech repair for Macs in the 1990's and trust me, Macs crash like other computers.

I wouldn't wipe my ass with an iMac. I can build a better machine in my sleep. I know I've repaired some in that state. Now, the iBook/Powerbook is a different story, but they're still overpriced. The problem with the iMac is simple: style over function. For what you pay, it's no bargain. And when it's outdated, you're not upgrading. Apple sucks money from the ignorant and the compliant. They don't want people to understand what's inside their machines and you just have to trust them. Sure, you can do some configuring, but not enough to make a difference.

Read the rest of the rant here. And be sure to read the comments.

I have friends and relatives who own Macs. And guess what? Their machines occasionally crash. Their software stops working on regular occasions. They need a shelf full of books to understand how to use their computer properly. Their hardware does funky things every once in a while. If they install too many add-ons, the whole system slows down and programs start to behave in strange ways. They have to worry about security issues, too. Not as many as a Windows PC, but still more than zero. And if the Mac OS ever becomes as popular as Windows, you can bet that bad guys will come up with a boatload of spyware and viruses to attack Mac users.

Windows XP is a damn good operating system with a few noteworthy flaws. If you know what you're doing, you can steer around those flaws pretty easily. The folks who subscribe to the "magic bullet" theory of computing (Get a Mac. Get Firefox. Get Linux. Compile your own kernel code. Do xyz and all your problems will vanish) are missing the point. Personal computers are inherently complex, multi-purpose devices. It doesn't matter whether you use Linux, the Mac OS, or Windows XP -- the more you know, the more you can take control of that box and let it help you do great things. The less you know, the more likely it is that the box on your desktop will make your life miserable.

OK, flame away.

The Firefox flame war is on

I predicted Peter Torr would start a flame war with his Firefox post, and sure enough... To his credit, he's addressed most of the criticisms directly in this follow-up post, entitled, I love Slashdot. My favorite part:

You're spreading FUD

Well, yes, I suppose I am.

• People should fear code they cannot easily verify
• People should feel uncertainty about downloading and executing code that they cannot easily verify
• People should doubt the integrity of code they cannot easily verify

And, to re-iterate what I said earlier, manually checking MD5s or compiling the source does not qualify for 99% of users.

This debate is very, very healthy. If Microsoft pays attention to the success of Firefox and improves IE to remain competitive, we all benefit.

December 20, 2004

How can you trust Firefox?

Microsoft's Peter Torr invites a flame war with his essay, How can I trust Firefox? He walks through the installation and configuration process with Firefox and determines that it reinforces some particularly bad habits for users. He concludes:

I actually think Firefox is a nice browser. It seems to render HTML without any problems, and the tabs are nice for browsing Slashdot. But just because it doesn't currently have any unpatched security vulnerabilities talked about in the press doesn't mean they don't exist (Secunia currently lists three unpatched vulnerabilities, for example).

Mozilla has had its share of security vulnerabilities in the past (just as IE has), and -- despite what the open source folk might say -- Mozilla keeps their security bugs hidden from the public (just like Microsoft does) in order to protect their customers from coming under attack by malicious users. Note that this is not a bad thing; all vendors should treat security bugs responsibly to ensure customers are not put at undue risk. It's just something you should be aware of. Just because you don't see any unpatched security bugs in Bugzilla doesn't mean they don't exist, either. But the thing that makes me really not trust the browser is that it doesn't matter how secure the original code is if the typical usage pattern of the browser requires users to perform insecure actions.

• Installing Firefox requires downloading an unsigned binary from a random web server
• Installing unsigned extensions is the default action in the Extensions dialog
• There is no way to check the signature on downloaded program files
• There is no obvious way to turn off plug-ins once they are installed
• There is an easy way to bypass the "This might be a virus" dialog

This is definitely food for thought. My take? I use Firefox. It's a nice piece of software, and in terms of usability I believe it is a better choice for folks who want a powerful Web browsing tool. But contrary to what some ill-informed folks in the media are saying, it is not a cure-all for security problems.

Google desktop security...again

An article in today's New York Times reports that some university researchers have found a Flaw in Google's New Desktop Search Program. This does seem like a legitimate concern, but here's the part that troubles me:

An attack would require a user to visit the attacker's Web site first, and any type of Web browser could make a user vulnerable. Google said there was no evidence that any such attacks had occurred.

The Rice group was able to create a Java program that makes network connections back to the computer from where it was downloaded and then make it appear as if it were asking for a search at Google.com. That was enough to fool the Google desktop software into providing the user's search information. The program was able to do anything with the results, including transmitting them back to the attacking site.

OK, so in order to take advantage of this security exploit, you, dear Google user, have to visit a Web site run by some nasties, where you have to download a Java program and allow it to be installed on your computer. Presumably, the nasties would disguise this Java program as a game or screen saver or something equally shiny and appealing.

Which is the entire point. I'll say it again: If a bad guy can convince you to install a program on your computer, it's game over. Don't install software from untrusted sources on your computer. And assume that any source is untrusted until you are certain that the opposite is true.

By the way, as the story makes clear, this exploit would work with any browser on any operating system.

Hotmail dumps McAfee, chooses Trend Micro

FirstAdopter.com points to a CNET News story today:

Starting today Microsoft is going to use Trend Micro instead of McAfee for anti-virus on Hotmail. The reason for the change is unclear although an Austrialian Microsoft executive said Trend Micro's products offer "deeper virus protection."

Excellent move. I don't recommend McAfee software at all, and I am an enthusiastic supporter of Trend Micro. I use Pc-cillin Internet Security 2005 myself. I've installed this package on several clients' machines in the past year and have heard nothing but positive reports. If you follow the link (I have no relationship with Trend Micro and get nothing for the referral), note that you can save some money by choosing the Upgrade option ( you qualify if you have any AV software at all). If you have multiple computers, check out the Home Security Pack, which is an excellent deal.

Windows Media Player performance

Thomas Hawk has a great Christmas wish list, with a lot of overlap to the things I'd like to see (I don't need a Pogo stick with training wheels, though).

But in this post, once again, Thomas takes a shot at what he considers the miserable performance of Windows Media Player. I first read this complaint in a post by Thomas from last September, when he wrote an otherwise glowing review of Windows Media Player 10:

The single largest problem with Microsoft Media Player 10 remains the poor performance you have with large digital libraries. If you have 5,000 mp3s or less, this is not an issue. On the other hand if you are a hardcore, diehard, digital music enthusiast like I am then this simply will not cut it. I did notice a speed improvement between the WMP 9, WMP 10 Technical Beta and the final release of WMP 10 but it still can take about 1 minute and 30 seconds to move between playlists, libraries, etc. for my collection. Microsoft needs to continue to work on indexing and possibly allowing users to run the application in RAM to improve performance.

My digital music collection currently consists of 1,280 files in MP3 format and 10,488 files in WMA format, for a total of 11,768 tunes, which is well over the 5000-song limit where Thomas says he sees performance problems. In Windows Media Library and in Windows Media Center Edition, performance is essentially instantaneous for everything. When I click an album, a playlist, or an artist in the Media Player tree list, its contents appear without any hesitation. In Windows Media Center Edition, I notice a delay of approximately five seconds when I first view the list of albums, but after that, performance is lightning-fast.

The biggest difference between Thomas's setup and mine is one he calls out explicitly: He's a diehard supporter of the MP3 format, whereas nearly 90% of my collection is in WMA format. Every device I use supports WMA format (no iPod here), so this is simply not an issue for me. Anyone else see this issue?

December 17, 2004

Two smart things you can do for your data

I just got a call from a friend who had a hard drive crash. It appears his video card is toast, too, and this was the latest in a string of several hardware failures. He blames it on Mercury being in retrograde. I think there's a more rational explanation: bad power.

Look, hardware can fail at any time. Circuit boards and chips are really sensitive to surges and spikes in your power supply. A simple power strip does nothing to protect you, even if it claims to be a surge protector. Most of those devices are just junk. What you really need is a universal an uninterruptible power supply (UPS), which is basically a big battery in a case that plugs into the wall and to which you can in turn plug your PC, monitor, and other sensitive devices. (But not your printer, which draws too much power).

You can find sales on decent UPS products regularly. I've got a couple of Belkin models here that work very well and cost around $30 when I bought them. I've also used APC products and wouldn't hesitate to recommend them. When you get a power surge or spike, the device kicks in and filters the current. If you have a momentary power failure, the UPS keeps you running so you don't lose anything. And if your power goes out for long enough, you can shut down gracefully and save what you're working on.

The other thing everyone should have is an external hard drive for backing up important files. You can find DIY USB 2.0 drive enclosures just about anywhere, for around $20-30. Get yourself a cheap 80-120GB hard drive and put the pieces together. Voila! Instant backup device.

Update: Thanks to Ryan Walters for the correction on what UPS really means.

When we assume...

Joe Wilcox at Microsoft Monitor had a little problem accessing a Microsoft Web site today and decided to jump to some conclusions:

I found that I could easily get to the Website using Internet Explorer on Windows. This morning, I tried to access the Website using Mozilla'z Firefox and ended up at the same error page. Apparently, Microsoft's Small Business Center Website is for people using its software, and I think that's a mistake.

[...]

This wouldn't be the first time a Microsoft Website locked out other Web browsers. And I can understand why Microsoft wants to hook SMBs as tightly as possible into its technologies.

[...]

The news media loves to rap Microsoft whenever it pulls these kind of proprietary stunts, particularly around Internet Explorer. I know plenty of editors who were reporters during the browser wars or Microsoft's U.S. antitrust trial; they love to rehash that chapter of Microsoft history. I think Microsoft would serve itself better by making sure its Websites conform to World Wide Web consortium standards rather than assuming everyone uses Internet Explorer. I don't really believe Microsoft Website developers are trying to lock out other Web browsers, so much as they don't take them seriously. That's a mistake.

OK, I use Firefox 1.0 here. I just tried to visit the Web site Joe wrote about. And guess what? It opened right up. So whatever the problem was, it didn't seem to have anything to do with Microsoft trying to "lock out" other browsers.

Last August, Ed Foster was griping about Microsoft locking out other browsers from its online Knowledge Base. Guess what? That turned out to be a temporary issue also. I checked at the time and had no problem accessing the Knowledge Base search page with Firefox. Almost certainly unrelated to any deliberate decision to lock anyone out.

But it's much more fun to write stories that say how evil Microsoft is. Even when they're not true.

December 15, 2004

Fighting comment spam

I allow comments on this Web site. In fact, I encourage them. In the past, I've had to shut down comments for fairly long periods of time because of "comment spam," automated attacks that fill the comments section with plugs for whatever sleazy product you can imagine.

The comments are open again because I upgraded to the latest version of Movable Type and installed the latest version of MT-Blacklist, an awesome program created by Jay Allen. If you leave a comment here, it may get held for my approval. That's a small price to pay, considering that MT-Blacklist has blocked more than a thousand pieces of comment spam since I installed it two months ago.

Via this thread at Brad DeLong's Weblog, I learn that Jay is now working for Six Apart, the developers of Movable Type. Congratulations, Jay!

If you have a blog, the combination of Movable Type and MT-Blacklist is absolutely awesome. So here's a public thanks to all the folks who made this software possible.

The itsy-bitsy Windows XP boot drive

Over at eHomeUpgrade, Will Wagner indulges in a little science project: How-To: Boot Windows XP Off a Compact Flash Card.

This article describes how I was able to get BeyondTV Link, a .Net application, running Windows XP Home using an inexpensive compact flash card. As a disclaimer, please note that your mileage may vary when doing this procedure so please don't blame me if things go badly, your spouse leaves you, and/or your dog bites you as a result of this article.

He started out trying to boot from a USB flash drive and decided it couldn't be done. Sounds like a challenge. Anyone want to try?

December 14, 2004

Really lame security advice

CNET News tries to spread some panic about desktop search technologies and misses the point completely:

Security experts are warning that virus writers could use new desktop search tools to make their malicious software more efficient.

Foad Fadaghi, senior industry analyst at Frost & Sullivan Australia, said that most viruses are designed to harvest e-mail addresses and other personal information from an infected system. He warned that because desktop search tools such as those recently announced by Google, Microsoft and Yahoo can index and categorize that information, virus writers are likely to start exploiting the technology.

"Desktop search products are very efficient at harvesting data, so it wouldn't be surprising if exploits are sought by malicious coders. Any software that can index and capture data on a user's PC will be subject to virus and Trojan exploits. It is just a matter of time," Fadaghi said.

And how exactly would they do this? If you install an untrusted piece of software, someone else owns your PC. They can do anything they want, with or without the help of an indexing engine. (Oh, and by the way, Windows XP already has an indexing engine, and has since Day 1.)

The implication of this story is that you are somehow safer if you allow a virus or worm to be installed on your computer but don't have desktop search software running.

Do you believe that? I didn't think so.

December 13, 2004

Ultimate password protection

Carl Siechert and I are currently updating Windows Security Inside Out for a second edition due early next year. One promising new development that can really help you keep your online identity secure is to use a fingerprint reader manage your logons. Amazon has the Microsoft Optical Desktop with Fingerprint Reader on sale right now. I've been told that it does a great job of logging you on automatically to your computer, remembering all your saved passwords, and entering them automatically when you browse to associated Web sites.

The best part of a system like this is that you can safely use strong, unique, truly random passwords for every site you visit. In fact, I generate a separate random password for every site and store them in Roboform. I keep the encrypted master list of passwords stored in an online drive and on a second system. That's a big improvement over what most people do, which is to use one easy-to-remember password for every Web site. The trouble with that strategy, of course, is that if someone gets hold of your Amazon password, they can get into your Ebay account, and your PayPal account, and so on and so on.

Anyone tried this device yet?

The unfriendly skies

This just sucks. According to The New York Times:

Federal regulators plan next week to begin considering rules that would end the official ban on cellphone use on commercial flights. Technical challenges and safety questions remain. But if the ban is lifted, one of the last cocoons of relative social silence would disappear, forcing strangers to work out the rough etiquette of involuntary eavesdropping in a confined space.

Imagine a five-hour cross-country flight, on a full plane, with you seated next to a hyperaggressive lawyer playing hardball with some insurance company. In front of a real estate agent returning 20 calls from clients. Behind a guy bragging to his buddy about how wasted he got last night.

Can you imagine anything more annoying? With the possible exception of a Harley-Davidson brand leaf blower, I can't.

Dear FCC: I don't care about Janet Jackson showing her boobie for three-tenths pf a second at the Super Bowl. I do care about an airplane full of people chatting on their cellphones. Please get your priorities straight.

December 12, 2004

A geek's-eye view of security

BigUnix has a fascinating article on computer security. Well, I found it fascinating. If you read it all the way through, then you may be a geek, too:

If a system has bugs, sometimes those bugs can be exploited in order to inject new code for the processor to execute. This can be a hardware, Operating System, or application bug. Almost always, the bugs tend to be a software bug. Those software bugs are usually the result of an unchecked boundary for some input data. When that boundary is passed, or overflowed, some of that input data mingles with execution code. This problem is a very old one. The naive solution, which has been tried for years, is to just fix all the broken code. The OS vendors may be realizing that this is too hard. Is there another solution?

If we look at the most common platform on the net for common users, it is the Windows Platform. According to the Google zeitgeist for May, this is probably at least 50% of the internet. This platform has also been the most popular for viruses as well. Recently, Microsoft has stated that security is an important focus for them, and they have been taking great strides to redeem themselves from a long history of security issues.

Here are some of their solutions to code injection:

# They are pushing .NET CLR which will dramatically reduce the possibility of an exploit

# They are turning on the firewall on as the default and re-securing all of their network exposed systems (code reviews)

# They are implementing new stack checking systems into Visual C and other compilers for future programs

# They are utilizing the No-Execute (NX) feature from the AMD64 architecture to provide memory protections in a finer granularity within a Win32 process

Of all of these, the No-Execute feature is by far the most interesting. It is a simple hardware enhancement to the x86 architecture that arrived with the introduction of the AMD64 system. It is interesting to note that it has been present in other non-x86 CPU architectures (like MIPS) for years. Microsoft is going to give users the ability to use the NX feature under the name Data Execution Prevention (DEP) via XP Service Pack 2. So, what is it, and why did it take so long to get here?

The bad news is you'll probably need all-new hardware to take advantage of this. But it's coming.

Firefox stops blocking popups

A VC writes:

One of the main attractions of Firefox is the lack of spyware and associated stuff like popups that you get when you switch. Well at least for me, that's over.I got about four or five Firefox popups last week. The one shown above was courtesy of Panasonic. I'd be curious to find out if this is happening to others.

Yes, it's happening here. The makers of some types of popups have figured out how to work around Firefox's popup blocker. Not only that, but apparently the Movable Type (blog software) Quick Post shortcut actually turns off the Firefox popup blocker!

This, by the way, is yet another piece of evidence that Firefox (although it is a wonderful bit of software) is not a magic bullet of security. As it gets more popular, it will get attention from the people who make popups, spyware, and other annoyances. Anyone want to bet on how long it takes before the first piece of spyware gets installed through Firefox?

Update: I created a clean Firefox profile and the browser is correctly blocking popups again. This suggests that an extension (probably related to tabbed browsing) is to blame. Is the incredible popularity and utility of Firefox extensions a double-edged sword?

December 10, 2004

MCE 2005 FAQ

The AVS Forum is filled with really smart people who know a lot about all sorts of digital home entertainment topics. I stumbled across their Mce 2005 Faq today. Wow! What a great resource. They've even managed to get Jay P. Kapur, Lead Program Manager of the Windows Media Center TV Team, to post.

If you use MCE 2005, bookmark this thread. (And set aside an hour or more to read it. This thread's currently at 15 pages and growing...)

December 09, 2004

MyPVRSucks.com

I'm a member of a Yahoo group devoted to the Scientific Atlanta Explorer 8300 personal video recorder. It's been enlightening, to say the least, to read about the experiences of others who are stuck with this woeful piece of consumer electronics gear. Now, a software engineer who is also a part of that group has started MyPVRSucks.com:

When I upgraded my TV to an HD compatible set, I decided to get a Rogers Cablevision HD set-top box - and decided to get the PVR model at the same time. I envisioned a beautiful utopia where I could simply click the "Record" button while viewing the guide, and all my shows would be recorded in HD digital splendor, for my viewing enjoyment.

I picked the PVR up at my local Rogers store. Easy. As the transaction completed, the sales lady told me "Remember to power it off every night. You have to turn it off." This is slightly alarming, but, what the heck... and I head for home with my nice new PVR.

Unfortunately, everything was not quite as smooth as I had hoped.

Because...

The Scientific Atlanta Explorer 8000 HD sucks!

The Scientific Atlanta Explorer 8300 HD sucks too!

And here's why...

After having used a TiVo for nearly five years and spending the last month with Microsoft's new Windows XP Media Center Edition 2005, I have to agree. I use the SA box because it is the only way I can record HDTV. But the software is dreadful. For instance, if you sit down to watch a show that is currently being recorded, you have to manually (and slowly) reverse your way through the current recording to get to the beginning. If you're 20 minutes into a show, that can take two minutes. There is no way to start at the beginning. As you're watching, the progress bar (which appears when you hit the Play button) doesn't show you any indication of how much time has elapsed or how much remains. It's a graphical display only.

Oh, and here's my favorite: When the currently recording program reaches the end, the recorder automatically dumps you out of the program you're watching and to whatever happens to be on live TV at that moment. To get back to where you were, you have to visit the list of recorded programs again, start at the beginning, and then fast-forward through the program. How lame is that?

Let's not discuss the video artifacts, the sound that drops out mysteriously, or the dancing green bars that took over the screen for about five minutes during last night's episode of Lost.

Judy and I have learned to resist the urge to watch a program on the Cox/SA box until it's done recording. We're also using the Media Center PC to record as much as possible, reserving the Cox box strictly for HD programming and for times when the single tuner in the MCE machine is otherwise busy.

Thanks to the mysterious software engineer who started MyPVRSucks.com, at least I know I'm not alone.

Update: For a more detailed look at the 8300HD and its alternatives, see TiVo versus MCE versus my cable company.

Spreading misinformation

Dan Gillmor is an excellent journalist and a ferocious critic of Microsoft. His blog is widely read and respected - in fact, it's on my must-read list daily. That's why I was distressed to see that a recent blog entry from Dan contained a startling bit of misinformation. As part of a discussion of Google News, Dan quotes Andrew Orlowski of the Register as having written:

...at one point in an Antitrust deposition Bill Gates claimed that "the computer wrote" one particular incriminating email. It's the "cat ate my homework" excuse of the 21st Century.

The Washington Post has transcripts of the infamous Gates depositions from the August September 1998 depositions. I read through them, and I can't find anything remotely resembling what Orlowski wrote and Gillmor quoted without fact-checking.

I'm not going to give Orlowski the benefit of the doubt and say that he was just paraphrasing something else. If you look back, you'll see that he has spread this story before. In this story about Google, for example, published earlier this year, Orlowski directly quotes BillG:

At an awkward point in his testimony to during the Antitrust trial, Chairman Bill was asked to confirm that he'd written an incriminating email that had come from the account billg@microsoft.com. 'The computer wrote it,' said Bill.

I copied the full text of the Gates depositions here and allowed Copernic Desktop Search to index them. I did a dozen searches on a wide variety of words and phrases and can't find anything remotely like this exchange.

It's unfortunate when a writer for a Web site that is known for its snarky but entertaining takes on technical news makes up a quote. I don't believe very many people believe the Register follows the same standards as real journalists. But Dan Gillmor is a real journalist, and he shouldn't be spreading this sort of misinformation so casually.

Update: I found the passage in question, and I was right. Orlowski is grossly exaggerating, to put it mildly. This is from the Deposition of Bill Gates, September 2, 1998 (follow the link above if you want to read for yourself):

Q. BY MR. BOIES: And you type in here "Importance: High."

A. No.

Q. No?

A. No, I didn't type that.

Q. Who typed in "High"?

A. A computer.

Q. A computer. Why did the computer type in "High"?

A. It's an attribute of the e-mail.

Q. And who set the attribute of the e-mail?

A. Usually the sender sends that attribute.

Q. Who is the sender here, Mr. Gates?

A. In this case it appears I'm the sender.

Q. Yes. And so you're the one who set the high designation of importance, right, sir?

A. It appears I did that. I don't remember doing that specifically.

Q. Right. Now, did you send this message on or about August 15, 1997?

A. I don't remember doing so.

One of the first things a lawyer tells you when you are about to be questioned for a legal proceeding is to answer the question exactly as asked. Don't volunteer information. Don't explain. In this case, Boies asked Bill Gates whether he typed a particular phrase at the top of the printed e-mail. Gates answers, truthfully, that he didn't type that. As any Outlook user knows, that information was inserted by Outlook when the message was printed, based on the Importance attribute. Gates correctly made Boies work to get that information.

Now, you can argue, and I won't disagree, that Bill Gates made some serious mistakes during this deposition, not the least of which was coming across as hostile and uncooperative. But that's a question of public relations, not law.

Anyway, Orlowski's repeated assertion that Bill Gates said "The computer wrote" that e-mail isn't true. It makes a great urban legend, but it isn't based on the facts. Unfortunately, when a savvy reporter like Dan Gillmor prints a story like this one without comment or fact-checking, it becomes another hit in the Google cache, and pretty soon this "fact" becomes common knowledge.

I know Dan has been busy lately with his new venture into "emerging grassroots journalism." This is very exciting stuff. I wish him the best of luck and can't wait to see and maybe even participate in it.

December 08, 2004

Integrating SP2 into a Windows XP CD

If you set up multiple PCs regularly, it's useful to have a single CD that can install Windows and the most recent service pack. The Elder Geek has crystal-clear instruction on how to create your own Slipstreamed Windows XP CD Using SP2. Works like a charm.

Mad about spam

Via Poynter Online comes this report:

Former WHYY reporter Rachel Buchman left this voice-mail message -- with her work number -- for the conservatives at Laptoplobbyist.com: "I wanted to tell you that you're evil, horrible people. You're awful people. You represent horrible ideas. God hates you and he wants to kill your children. You should all burn in hell. Bye." The station says: "Rachel has decided to move forward with her career and her life."

A follow-up story adds a few extra details:

[Buchman] says she left a nasty message for the people at Laptoplobbyist.com because she was tired of spam. "I was incensed that I wasn't going to finally get to ask a real person to remove me from the list," she writes. "The answering machine asked the caller to leave a name and number, and without thinking, that's what I did."

OK, Rachel's message was a little over the top, but tell the truth: You've screamed similar sentiments at your inbox, right? For the record, I think her only mistake was leaving her work number.

PS: I won't link to the site she called, because they really are hateful and they really do represent horrible ideas. And if they ever put me on one of their mailing lists, I'll probably call them myself.

December 07, 2004

A silent power supply

I have an office full of PCs, and the noise from various and sundry fans sometimes gets a little annoying. So I'm intrigued by this completely fanless PurePower Power Supply from Thermaltake.

The heatpipe with glowing copper fins for thermal dissipation looks pretty cool, too. (Or maybe it just looks hot. I'm not sure.) Anyway, at $150 retail this is pretty pricy.

Anyone tried one of these things?

MCE communities

If you're thinking about buying or building a Media Center PC, here are two communities of users that can be a big help:

• The Green Button (TGB) is run by a couple of Media Center enthusiasts and has an excellent forum, as well as links to downloads and their own homegrown knowledge base. Warning: The site can be slow to load.
• XPMCE.com also has an active forum. Its links to downloads and its FAQ are less complete than TGB's.

In my research, I've found both forums useful.

December 06, 2004

Media Center Extender arrives

I finally got a Linksys Media Center Extender. Impressive! It plugged right in, set up quickly, and works extremely well over my wired Ethernet connection. I'm not sure how well a wireless connection would do, so I'm glad I made sure to put an Ethernet jack behind the TV when we built our house!

These things are surprisingly hard to find. I originally ordered one from Buy.com, but after I had waited three days for a confirmation I sent them an e-mail and they admitted it wasn't in stock after all, despite what their Web page said. (This is the third time Buy.com has pulled this crap. They're off my list of acceptable suppliers.) Next, I went to Amazon, but they said it might take a week to ship, so I ordered from Newegg.com and had the box in 48 hours.

Probably the most impressive feature is the speed and ease of managing my digital music collection, which has close to 12,000 tracks on nearly 1000 albums. It takes up to 5 seconds for the listing to appear initially, but after that, searches are nearly instantaneous, and the sound quality is exceptional.

I'm compiling a list of minor glitches I've encountered, but all in all the Media Center products are working spectacularly well, and I have no serious complaints.

P.S.: Amazon.com has the Linksys Media Center Extender on sale today for close to the best price I've seen: $250, with free shipping. Amusingly, their product details page says the box weighs 145 pounds and standard shipping will be $90. Of course, the actual weight is about 6 pounds. I sent a correction last week but they still haven't fixed the mistake.

December 05, 2004

Building a new Media Center PC

I'm so thrilled with the way my test PC runs Windows Media Center Edition 2005 that I'm building a new MCE system from scratch. Coincidentally, Scoble pointed me to Matt Goyer, who is doing the same thing. Here are his specs:

I'm building an NTSC Media Center for my family. My requirements are that it's in a HTPC case, has wifi, and is low cost. Here's what I'm thinking:

• Shuttle XPC Barebone System for Socket 478 at 533/800MHz FSB Intel CPU, Model SB65G2 $190
• Intel Celeron D 330 2.66 GHz, 533 MHz FSB, 256K L2 Cache Processor $88
• Seagate 200GB 7200RPM IDE Hard Drive $116
• NEC 16X Double Layer DVD±RW Drive, Black $65
• 512MB DDR PC2700 from Crucial $83
• Hauppauge WinTV-PVR-500MCE (dual NTSC tuner)
• ATI or NVIDIA graphics card w/s-video out

Is a Celeron going to be enough? Any way to do this cheaper?

My setup is similar:

• Shuttle XPC Barebone System for Socket 478 at 533/800MHz FSB Intel CPU, Model ST61G4, $245
• Intel Pentium 4 3.0GHz 800MHz (Northwood), refurbished, $175
• 200GB Maxtor SATA drive, $108
• 512MB DDR PC3200 RAM from Crucial, $92
• NEC ND-3500A DVD+/-RW 16x, $67
• Hauppauge WinTV-PVR-150MCE TV Receiver, $70

I looked long and hard at the Shuttle XPC cases and chose the ST61G4 because it has excellent integrated graphics. In the small form factor Shuttle cases, not having an extra video card is a big deal. It also cuts down on noise, because there's no video card fan. I read lots of reviews, too. This excellent and very thorough report from Xbit Labs probably had the biggest influence on me. I chose the refurbished processor specifically because I wanted a Northwood CPU; from everything I've read, the newer Prescott CPUs just get too hot. I have nothing but good things to say about the Hauppauge tuner cards. Matt chose the two-tuner version, but I am willing to go with the simpler one-tuner version because I have to go through a cable box, and the PVR-500MCE (which Matt chose) has a single coax input, with its splitter on the card itself. The only way you can use both tuners on this device is if your input comes directly from a single feed (no premium channels). (Update: I switched to the dual-tuner card a month or so later, getting a second cable box, for $5 a month, to feed it. The first input goes to the coax connector on the DVR card; the second input uses the S-video connector. Media Center manages both tuners quite nicely.)

How does this system compare to Matt's? Well, I'm spending a few bucks more on the Shuttle case, but the net cost is actually going to be less, because I don't need a separate video card. I'm paying about $86 more for the CPU, but I think the performance boost from a Pentium 4 at 3GHz on an 800MHz FSB is worth it when compared to a 2.66GHz Celeron on a 533MHz bus. Everything else is about the same, cost-wise.

All the pieces should be here this week. Whether I'll actually put everything together this week is questionable, as I have several deadlines. I'll probably steal 10 minutes here and 15 minutes there and build it a little at a time.

When all is said and done, I hope to have the best of both worlds: The Cox HDTV-PVR recording anything I intend to watch in HDTV, and the MCE box doing lots of other stuff, especially movies on non-HD premium channels. The recording capacity of the HDTV-PVR box is so limited it's not practical for everyday use. The digital music and photo features of the MCE box are killer as well. But that's a topic for another post...

Dilbert on passwords

This is just too true. Thank goodness I don't have to work in a corporation and try to explain this stuff to people in suits.

December 01, 2004

The (continued) decline of the PC press

Alan Meckler offers up his thoughts on PC Magazine The Barometer:

The Internet is killing PC Magazine and its competitor PC World ... just as it has killed several other books over the previous few years. The information in these magazines is dated by the time it is published because of the speed of Internet publishing. Price guides and comparisons are nice to see in print, but this information is more readily updated and found on hundreds of Web sites that are changed daily.

I have long been predicting the further decline of trade and tech print magazines. This latest news from Ziff Davis only reconfirms what we have all been watching -- a very slow but steady decline and death of computer magazines.

A while back I snagged a three-year subscription to PC Magazine's electronic edition for something like 12 cents an issue. It arrives via the Zinio Reader, and for the last few months I haven't even bothered opening it. I didn't renew my PC World subscription either. PC Magazine's Web site is a pitiful joke, as I and others have blogged before.

So, how long before PC Mag is gone completely? Anyone want to start a pool?