Wednesday, November 16, 2005

Sony finally recalls their evil CDs

Sony took Uncle Mark's advice and pulled their CDs.

As noted earlier, these are the CDs that have the "root kit" that compromizes your computer when you want to listen to the CD on your computer. It took a lot of pressure, but they are doing the right thing.

Monday, November 14, 2005

Free TV!

As if to prove Uncle Mark's point about content being cheap to be useful, AOL and Warner are bringing free TV downloads to a computer near you! This, in response to Apple's bringing out the video iPod and allowing you to buy music videos and TV shows on their iTunes software and service.

Now, the question of all questions: Why would you want to ruin a perfectly good computer by watching TV on it?

Friday, November 11, 2005

Sony Pulls their "Copy Protection" Scheme

Sony decided to suspend making music CDs with their anti-piracy root kits.

I have not seen anything yet on whether they are going to recall the CDs they sent out with this code on it.

Frankly, Sony behaved badly on this -- they have suspended making these CDs, but only because they have gotten heat from it. They are not recalling the CDs that are already out, and the Mark Russinovich on his Sysinternals blog (and the guy who broke the story) notes that the uninstall kit Sony provided was not easy to get to -- you just can't download it, you have to fill a web form asking where you purchased the "disc," the artist name, store name, and provide your email address. Then, they email a link to yet another form, at which point I quit. I didn't have the rootkit on my computer, and did not want to install anything from these guys to get rid of it.

So... What to do? I am going to avoid artists and CDs from Sony Music until they recall the CDs they sent out and make their correction much, much easier to do. That's just me.

Copy protection has been around for years and years, for both music and for computer programs.

The music industry has had a love-hate relationship with technology for ages. In 1942, the musician's union (AFM) stopped all record recordings because "recording was ruining the jobs of 60 percent of the AFM membership." Wax records were being used on radio and at dances at the expense (the union claimed) of live music. This union action because of advanced technology went a long way to killing all Big Bands in the US. This is copy protection in a big way -- prevent the first copy from ever being made! More info on the ban is here.

More recently, the record and media companies tried to collect royalties on blank tapes. They claimed that any copying for home use of their TV shows was a violation of copyright. They were willing to be bought off by tacking royalties on blank tapes -- tapes with nothing on them! This was overturned by the Supreme Court in 1984. But, their efforts lived on in getting royalties from DAT (Digital Audio Tape) machines and tapes later on in the Audio Home Recording Act of 1992.

As for computers, in the '80s, Lotus Development had the spreadsheet program: Lotus 123. Its success fueled the success of the IBM PC and Microsoft's MS-DOS operating system. And, it was copy protected. You had to have a floppy disk that the software would read before it would run. In addition, the software recorded information outside the normal areas of the floppy disk, so that you could not copy it normally. Thus, Lotus forced you to buy one copy per computer.

Almost all computer programs sold in the '80s tried to have some sort of copy protection scheme. Some required a hardware key that is installed on the computer, that the software checks when it runs. They are still being used for specialized uses. Some, like Lotus 1-2-3, had key disks.

There was one very notable exception: Borland International, which sold a zillion copies of their "Turbo Pascal" programming environment for MS-DOS. They called their license the "No-nonsense License Agreement" and asked you to "Use it like a Book," meaning, you can use it on only one computer at a time. If you have one at work and one at home, you can install it on both, as long as you only use it like a book -- one user at a time. There was no copy protection on the software. They sold a ton of Turbo Pascal, and it made Borland as a company.

Now you have license "keys" in which you type a string of codes to unlock the software. This is used in one way or the other by almost all major software vendors. Each software company has difference responses to what happens if two or more people enter the same key. Microsoft has started to be hard-line about it -- they used to be fairly open. The issue with Microsoft is that overseas markets, most notably China, would sell literally millions of unauthorized copies of the software (called "pirating") with no recompense to Microsoft. China, being a communist nation, has had no real laws regarding private property, let alone copyright laws. One way to force the issue is to disable the software until someone at the company unlocks it.

Similarly with music. You can copy music from a music CD really easily, and it makes a file that is easily copied. With the advent in the last few years of high-speed internet service, and the internet itself, copying from one computer to another over the internet quickly and cheaply became very doable, and lots and lots of people did it -- mostly kids and college students. Software like Napster allowed people to communicate directly with each other, and search for music on hundreds and thousands of shared computers. Just click to download. I myself found songs that were out of print for years by just searching for it. It was amazing.

It is and was so easy to copy music that people started to do it, legal or not. Each time someone downloaded a song that they did not already have in some medium (like Vinyl or CD) the copyright law was broken, and the record companies even challenged the right to download songs you already had.

This latest ploy by Sony is the latest of a number of ploys used to keep this from happening.

My view is that the law, obviously, needs to be followed, and more importantly, recording artists and even the recording companies (who are taking some risk promoting a band) should be compensated for their art. Free music for all will eventually mean no music for all, because except for a few diehard musicians, no one will record anything. If you don't get your paycheck on Friday, will you show up for work on Monday?

I also believe that Sony and all other music companies can do whatever they want to try to prevent copying of music, provided they do not invade my privacy or damage my property. Sony crossed the line on this copy protection scheme -- they are damaging computers by doing this, by opening them up to attack, slowing the computer down, and modifying the basic core software of the computer. But, Sony can, in non-intrusive ways, protect their investment otherwise. If they want to tack on a request for a password everytime their CD is played, fine. If they want to have the music run only on a program of their design that checks sony.com every time is it played, fine. They can do that. And, the consumer can not buy it, too.

I believe that if the music is good enough, most, or at least many, people will buy it if it is easy enough to do so, regardless of whether it is copy-protected or not. Most people are ethical. Those who steal it if it is easy to buy it will not have bought it in the first place, and will have to deal with their Karma when they grow up. Sony, you would think, being based in Asia, would get this, but...

Apple has found the answer for now. It is not perfect, and it is not as good as just going out and getting the (non-copy protected) CD, but it is workable, and good for when you just want that one song or maybe just a few songs that you gotta have now. Apple's financial results is what will drive Sony to do the right thing, just as their own lack of financial results will do the same. Say what you want about corporate greed: it works in your favor when no one buys what a corporation is selling.

Friday, November 04, 2005

Sony Releases Fix to Rootkit

Sony has been burned by the negative publicity of their using deceptive and basically illegal code on their audio CDs to prevent copying their music. Now, PC World notes that they have issued a fix.

Sony states that the software "component" is "not malicious." Their intent may not have been malicous from their point of view, but the effect of the kit is very malicious in that it modifies your operating system without your consent or knowledge, is virtually impossible to remove, and is sloppily written.

What they should do is not issue a fix, but recall the CDs that have the rootkit on them. But, issuing a fix is a good start.

Thursday, November 03, 2005

The Law of Unintended Consequences, Sony, and "The Warden"

My last posting warned of a "root kit" that Sony installs when you run certain of their audio CDs from your computer. News from slashdot shows that Sony's little program can be used to thwart other invasive schemes!

Turns out that a gaming company called "Blizzard" has a game called "Warcraft" that installs a piece of software called "The Warden" that "monitors" the use of the game to ensure that the gamers don't install "cheats" to get around the rules of the game. Since it is considered effectively spyware, they generated heat for doing this. The BBC had a story on this Monday.

Well, the same people who want to cheat Warcraft have found that the sloppy code of Sony's rootkit actually can be used to their advantage by hiding the cheats from "The Warden" -- and, of course, they are doing it!

Just shows you that you cannot keep determined people from getting around these things.

Meth use and Identity Theft

USA Today had an article about a month ago on Meth users being recruited for identity theft rings. What struck me about the article was the sentence "Meth addicts can stay up for days performing menial tasks, such as testing the validity of credit card numbers on websites and buying goods online." What a waste! People staying up for days stealing money so they can take more meth to stay up for days stealing money. Crazy.

Monday, October 31, 2005

Do Not Buy Sony Music CDs

As part of its new "Digital Rights Management" system -- which is used to copy protect music bought on their CDs -- Sony installs a piece of potentially malicious code called a "root kit." "Root kit" is defined here. It is a back-door program that interrupts and intercepts your computer's functioning.

Slashdot, the hard-core nerd's news source, listed the issue today. It references this article from SysInternals.com -- another very techie web information source.

It makes interesting reading for those that are versed in such things. The issue is that the software is installed, it takes over key sections of your system, is badly written, cannot be easily uninstalled, and opens a potential hole in the security of your computer. It is too invasive and is a heavy-handed approach to securing rights to digital music. Just don't buy it -- if you buy music, buy it from non-copy-protected CDs or Apple iTunes.

Wednesday, September 14, 2005

Cookies -- The Web Browser Kind

I received, too long a while back, a question about cookies. What are they? Are they bad? Should they be deleted?

First, what is a cookie? A "cookie" is, essentially, a piece of data that your browser stores on your computer that is maintained for a web site. The website interacts with your browser to store this information so that it can be retrieved later. For example, a cookie could contain your login name to the web site, or your preferences for how you want the web site to display data to you. It can also store where you went in the web site last time you were there. The primary use of cookies is to allow a web site to know who you are when you visit the site.

Cookies on their own are benign. They do no damage. They just store information.

Why the term "Cookie?" Well, when you see computer terms, remember that the people who invented them are/were very "technical." These are the guys who created the term "bit" for "Binary Digit," which is fine, but then had to go and make a "byte" eight "bits", and a "nybble" four bits, or half a byte. The derivation is unclear, but visualize a web site handing your browser a real cookie and saying "hold this; I will ask for it later." When you visit the web site later, the site asks "say, do have that cookie I gave you? Let me take a look at it." The site then looks at the cookie and says "yeah -- that's right. This is you. You searched for 'X' last time, and your login is 'Y', and... etc."

Why are they needed? Well, as mentioned above, the answer is that it allows a website to remember the browser (i.e. your computer) between visits. For those sites that offer personalized content, like "my yahoo" or various newspaper, magazine, and commercial sites, this is very useful. In fact, cookies make life easier for you as well as the sites that use them, since they prevent you from having to continually tell the site who you are and what you want.

However, some cookies, called tracking cookies, are used to ID you for advertising or marketing purposes. Advertising sites that display ads and various marketing information sites keep cookies to ID you, and therefore know which ads you have seen, which sites the ads were on, which ads you clicked, etc. They know the types of sites you visit, and sometimes where in the site you went there. They know the date and time you visited. They probably don't track you personally, but they know your browser.

This activity is what people object to who object to cookies. The proponents of this use of cookies say that they allow the user (i.e., you) to have a "better online experience" since the information they keep on you is used to fine-tune the ads and sometimes the content you see. The detractors charge that this information is collected without your knowledge, without explicit permission (you gave implicit permission when you allowed your browser to use cookies), and is an invasion of your privacy. They don't necessarily trust that the information collected is not used for nefarious purposes.

Will it kill you to have this information kept? In reality, no, but it is a bit "creepy" to know you are being watched. Advertizers and marketing companies can't track people watching TV or listening to radio, but they sure can track you with a web browser, and they do.

As a result, these are the cookies you will probably want to get rid of.

How do you do that?

Well, one way is to have your browser delete them. This is a shotgun approach. You will lose all cookies, including the ones you may want to keep around.

Another way is to use an anti-spyware or anti "adware" program that knows which cookies are tracking cookies and which are not. This is the better approach. This is a field that is evolving every day, so I hesitate to recommend a specific program, but I have found that Lavasoft's Ad-Aware and Spybot are two good tools. I have used both to success. There are other companies that have this - even Microsoft has an anti-spyware product in beta testing.

These cookies are not as harmful as viruses, so I do a scan every other week or so.

Friday, September 02, 2005

Netflix -- Doing the Right Thing

If you rent movies, rent them from Netflix, instead of driving over to your nearest rental outlet. As are many in this country and across the world, I have been following the events in New Orleans and the other areas stricken by Hurricane Katrina. This is off-topic for AskUncleMark, but I had to report on this.

A poster on a New Orleans blog posted this note from Netflix, which was sent to the customer base in the hurricane affected areas:

The U.S. Postal Service has let us know that postal delivery to your address has been interrupted due to Hurricane Katrina. All of us at Netflix extend our sympathies to you and your loved ones during this difficult time.
We want you to know that we have stopped billing your account and are in the process of issuing a refund of your last bill. When you are ready to resume your service, please visit the Netflix website, where you will have the option to restart deliveries. When you restart your service, your first month will be at no charge.
If you would like us to send your DVDs to a different address, please click here. If you would like to speak with us about your Netflix service, please call our Customer Service Team at 1-800-715-2130 which is open Monday-Friday from 6:00am to 7:00pm Pacific Time and Saturday-Sunday from 6:00am to 2:30pm Pacific Time.

Sincerely,
The Netflix Team

This is truly awesome. Netflix is a great service, and this gesture shows that they have heart.

Thursday, September 01, 2005

Hurricane Katrina -- blog of note

Our hearts go out to the victims of Hurricane Katrina.

slashdot mentioned a blog of an Information Technology tech in New Orleans, Michael Barnett, who is with a computer support team in a high rise in downtown New Orleans. They're keeping the data center running. The running commentary, starting on Saturday with the understatement of the year ("Hmm. This could actually be a nasty storm."), is fascinating. It's a combination first person account, and posts related to keeping things going. As of this writing, they are still in the building. Check it out.

God speed Michael and team.

Friday, August 26, 2005

Litrix

I ran across a web site called "Litrix.com," set up by Stan Jones, an author in Alaska.

Litrix contains books and stories, most of which are in the public domain (those that are not are published with permission). He has captured many of my favorite stories and books, such as The Adventures of Huckleberry Finn and other works by Mark Twain, The Man Who Would Be King by Kipling, Lord Jim by Joseph Conrad, Extraordinary Popular Delusions and the Madness of Crowds by Charles MacKay, and many, many others. The next time you feel the need to read some trash novel, read one of these, instead!

Monday, August 22, 2005

Uncle Mark Spammed!

Well, I'll be! Blogspot, who is graciously hosting this blog, has been having a slew of issues with "spam blogs" or... "Splogs." A splog is a blog created on a free blog service, like blogger/blogspot, and has a progran that runs periodically that just spews advertising on it. The blog then posts as new, and the search engines, like "google" and others, pick it up. What it does is pollute the blog world.

In Ask Uncle Mark's case, we got a "spam comment." Some lowlife saw the change on the blog, and auto-posted a comment selling worthless stock. I had thought that by limiting comments to registered "blogger" people, that that would cut that out. But no, the spammer had a temporary blogger account with which to do the deed.

To stop this abuse, Blogger has put in place some new safeguards. The first is to allow readers to flag a blog as offensive. This is not a bad idea, but is after the fact -- someone got offended by a blog. The one I am using to prevent spam comments is "word verification." You may or may not have seen this. If you decide to comment, you will be asked to enter a word into a form. The word (sequence of letters, really) is a graphic image, which us humans can fairly easily read, but which computers can't. A computer can play chess against Garry Kasparov and win, but it can't easily read a graphical rendition of letters. This will prevent spammers from automatically entering comments into the blog. I want people to comment, but not spam people!

Monday, August 01, 2005

UK Man Fined for Using Someone Else's Wireless Network

In an article in the BBC News, a man was fined for using someone else's unsecured wireless connection. In this case, the person who owned the network apparently didn't know -- the police saw the guy using his computer in his car in the neighborhood.

The article is worth reading -- in the UK, if someone has an open (unsecured) network, and you connect to it, it is considered a crime. However, there are lots of open networks that are open to the public. How can you tell the difference? Really, you can't.

I am not sure what the implications are in the US. I know of several people who cruise business parks and neighborhoods for open networks, and then connect up. Right now, there are so many open networks that are legitimate to use at coffee shops and book stores, that the matter is quickly becoming moot.

For your own wireless home network, the answer is not to leave it open. I owe an entry on securing wireless home networks -- that will be forthcoming...

Sunday, July 31, 2005

DVD Blowout

Sorry for the gap in entries -- Uncle Mark had a few things to do. But, we are back.

As I mentioned in an earlier post, we moved to a new house. Moving takes a lot of time, and I hadn't the chance to work with our computer much. When I finally got back to the computer, I noticed that the DVD/CD drive was stuck -- would not open. I messed about with it and finally got it open -- the CD that was in it was jammed, and I managed to keep it from getting in the way of the door when it opened.

When it did open, I saw something I had never seen before - a completely shattered CD. The drive was full of fragments and shards of CD. I suspected a few things - someone had put the CD in the drive incorrectly, and it shattered when it was closed, or that my boy had gotten into it somehow. However, neither made sense. I don't know if you have ever tried to break a CD or not, but it is not an easy task. One way is to just fold it in half (no doubt you should be wearing eye protection) until it snaps. You will get either a very bent CD, or if it snaps, two halves and some shards. You do not get the whole CD in shards, which is what was in my DVD drive.

Being a professional, I tried to see if I could fix it. I have a Gateway, relatively recent model, so it is built to be easy to service. I turned it completely off, and unplugged it. I popped the side off, and unscrewed the screw holding the DVD drive in its bay -- one screw, and the screw has ridges on it so you can unscrew it with your fingers.

Drives in PCs have, usually, two cables going to them: A power cable, and a wide, flat data cable. Both cables connectors are set up so that you can't put them on backward, which is nice. I just pulled them off before I slid the drive out of the bay. The power cable is usually a bit difficult to pull off, but it is rugged, so you can just yank away. By the way, this is why you unplug the computer -- you do not want to be zapped when working on your computer. Oh, you'll probably recover, but your computer can easily get fried.

Sliding out the drive, I heard a very ominous sound. What you are supposed to hear when you turn a drive over is nothing. What I heard was what you would hear if you had a bag of broken glass and rolled it around. When I slid out the tray and shook the drive, chunks of CD of varying sizes fell out.

I knew that the drive was probably a goner. Usually, in this circumstance, you would chuck it and get another. However, with nothing to lose, I elected to open the drive to see if I could clean it out and get it working again.

This is something that you really shouldn't do -- you can maybe get away with it with a DVD or CD drive, since they are relatively open, but you can not do this with a hard drive, and expect it to work again. Hard drives are hermetically sealed and need to be worked on in a "clean room" (not your mom's living room, but a lab with filtered air) by very patient people wearing paper suits who have the right equipment. But a DVD drive that is already busted -- there is a slight chance of success.

I opened it up, and there was shards all over the place, and CD "dust". These are shards so small that they are like diamond dust. I did what I could to take out the pieces and clean out the dust, and then I put it back together, and put it in the computer.

Alas, it didn't work. It was better, but computers are binary -- either they work, or they don't, and the DVD drive didn't.

So, yesterday, I decided to buy a replacement. We are up in the North Bay of CA, and there is a computer and electronics supply shop nearby. I could have gone to the chains, maybe Best Buy or Fry's, but I like to shop local.

I found a DVD drive for $30. I expected more like $70 or $80, but here it was for $30 -- and not some off brand, either, but LG, which is a respectable manufacturer.

I took it home, and installed it. Took ten minutes, and almost zero configuration. However, a bit of warning is in order:

When replacing a part in your computer - should you want to attempt this - it is important to exactly duplicate the settings of what it is you are replacing. There are these things called "jumpers" that configure selections on hardware like drives, motherboards, video cards, etc. In this case, there is a jumper on DVD drives that gives you three choices: "Master," "Slave," or "Cable Select." The DVD I bought had this set to "Slave." The DVD that was broken had it set to "Cable Select." What is this? Well, you can Google it, and there is a ton of info on this, but suffice it to say that is a technical hardware setting about how the drive is to be treated by the computer's communications system. What should it be set to? That is easy -- make it the same as what you are replacing. In this case, the one I was replacing was set to "Cable Select," so I moved the jumper (a very tiny little connector that "jumps" between two posts) to the setting for "Cable Select." I put the computer back together, plugged it in, turned it on, and it worked! It played a DVD movie, and played a CD.

So, how did the CD shatter in the first place? Well, a bit of research led me to the conclusion that the CD that shattered was a bit defective -- physical flaws. The drive is (was) capable of spinning CDs at 40-50 times normal speed. Basically, the drive was spinning the CD so fast that it blew up! I did not know this could happen -- but it can!

All is well now, though. I guess the moral of this story is, treat your CDs with care!

Wednesday, May 25, 2005

High Speed Cable Diary

We moved to a home that allows us to get high speed internet service. Up until now, we were stuck with dial-up, which, in this age of digital music, digital cameras, and video, is abysmally sloooow.

We chose Comcast Cable since it was available, and looks to be faster than DSL. The old cable days of sharing lines with your neighborhood are supposed to be over, and so cable promises to have the fastest speeds available.

We called and ordered the service. They promised installation next week inside a two-hour window. We asked for an earlier date, and they said they would try to accommodate. The next day, they called with a new time, which ended up being yesterday between 9am and 11am. They were on time. I was unavailable at the time of installation -- my mother-in-law is staying with us, so she was there during the installation. When I got home, it was working.

We bought a Linksys cable modem. I like Linksys, mainly because Cisco bought them, and I am a fan of Cisco. However, while the cable modem was working fine, the power supply was buzzing like a banshee, and so I took it back to where I bought it and got a new one.

And the problem started. I plugged the new one in, and it did not work. I looked at the paperwork that Comcast left, and noticed some interesting pieces of information:

1. My user name.
2. My password.
3. My IP, or Internet Protocol address (this is the unique address on the Internet or World Wide Web).
4. My "MAC" address -- "Media Access Control" address -- of the cable modem.

The MAC address is the underlying hardware address of a network card. Your computer can run a number of higher-level network protocols, or types, such as Internet Protocol, Novell's IPX/SPX protocols, AppleTalk, etc., but in each case these protocols work "on top" of a physical network. The cable modem (at least this one) runs a protocol called "DOCSIS," which means "Data-Over-Cable Service Interface Specifications." My home network runs Ethernet. Each of these low-level networks have MAC physical addresses, and TCP/IP, the protocols of the Internet, run "on top" of these physical network types.

As a quick aside, that's the beauty of TCP/IP -- it runs on all sorts of physical networks, and yet all the computers running it can communicate as if they were all on one huge physical network. You don't know or care what the physical network that a particular web site is sitting on, all you need is its internet address, or its "URL" (Universal Resource Locator), which translates into its internet address. More on this at a later time...

One interesting thing about MAC addresses: they are universally unique. No two network devices have the same MAC address. It is part of the specification that manufacturers agree to when they build network cards. There is nothing that will bring a network down to its knees like have two addresses that are exactly the same, so the rule is rigid.

Turns out, Comcast, and all other cable internet providers, register your cable modem's MAC address as part of your account information, and match the MAC address to the IP address it gives you.

Therefore, when I replaced my cable modem, Comcast did not know anything about my new modem, and my service did not work!

This should be easy to fix. I suspected this when I saw that they had written the MAC address on the form -- it meant that it mattered for some reason. I also noticed that they wrote down my IP address. This means that it does not change (or else, why write it down?).

So, I called Comcast. The usual wave of "voice prompts:" "Press 1 if you want instructions in English, 2 for Espaniol..." Finally, I got a guy on the phone. I told him what was going on, and to make a long story short, he said my computer was faulty, and I needed to get my operating system disks. This was absolutely false. Nothing changed except I had a new modem. I fed the tech information like the new MAC address of the new modem, which he entered into his system, but he maintained that the computer itself was a fault. Knowing this was not true, I thanked him for his time, and hung up.

So, the cable was no longer operative. Now what?

I did what we all should do in times like these: RTFM. This means "Read The Freakin' Manual." I turned off the computer. I turned off the cable modem. I read the instructions that came with the cable modem, which are very easy to read, in large type. I turned the machine on. I saw that I had the correct IP address!

I ran the browser. I got redirected to Comcast's start-screen -- the new user registration screens. I said I was an existing user. They asked me to download their installation program. I did. I ran it.

The installation program noticed I had another cable modem on the account, and what did I want to do: add a new one, or replace it? I chose replace it. The program did so, and reset my modem. When it was done, lo and behold, everything worked!

This was really all I ever had to do.

Now, some twists: I added an internet router. This is important, as Uncle Mark said in earlier messages. What did I do there? I turned off the modem, RTFM (this time, the router manual), connected up the router, connected the PC to the router, and turned it all on, and everything worked!

One note -- I had to release my IP address on the computer ("ipconfig /release"), and then renew it ("ipconfig /renew"). This is done from the command line, which you get when you go to the Start Menu, click "Run...", type "cmd" and then click OK. Why? Because Comcast named my computer, and just renewing my address (from the router, using "ipconfig /renew" left the name alone. You can't have two machines with the same name on the Internet, so the router could not get my computer's address, and therefore it failed. This is really techie, so:

1. Turn off everything - the modem, the router, the computer.
2. Turn on the modem. Wait a few moments.
3. Turn on the router. Wait a few moments.
4. Turn on the computer.

This is the "bunny run" way to do it, but it'll get 'er done, as they say.

From all of this, what can we learn?

1. Your cable account, if you have one, is mapped to your specific modem. If you change your modem, you need to re-register it with the cable company.

2. Technical support, at least for the home user, generally stinks across the board. Do not think I am picking on Comcast here. I have had very similar conversations with SBC (their DSL service), Intuit (their "Quicken" software), Earthlink, South Valley Internet (a local service provider in San Martin, CA), and others.

3. Let everything have its head. Isolate and do things one at a time. Everything turned off. Cable modem turned on, then checked to ensure all lights are as they should be. Then router. Then computer. Time between to allow each to start up fully. Discrete changes.

4. If your computer works in the morning, and the internet is working, but at night the computer seems to be working but the internet is not, and you do not see or smell smoke, it is not your computer or its settings that are wrong! Something happened on their end.

In other words, do not believe them if they say you need to reinstall your operating system or buy a new computer.

Now, a caveat here. You can only pull the number 4 card above if you have a computer built in the 21st century, are up to date in your operating system patches, have up-to-date virus control and definitions, the power is on, all cables are connected properly, and your dog, cat, or baby has not decided to eat part of your computer system that you can't see.

Support people have a protocol they follow when they answer calls. They check some basic things, and they ask you for some information. They assume you do not know what you are talking about (but they are usually polite about it), and they will not deviate from the script. The guys who write their scripts are company guys, and they reach the part where their service is down at the end of a very long and dragged out procedure, which includes, in many cases, blaming your computer and having you reinstall everything. I used to follow along with them, knowing I could recover from whatever they do, but I don't anymore. I once spent half a day on the phone with SBC on a DSL problem that ended up being that one of their main service stations had a blown board (which I basically stated at the start of the conversation) - but it took half a day!

So, what to do? Do the basics, as above. RTFM. Call the provider. And if they have you pulling out system CDs, stop right there, and Ask Uncle Mark!

Wednesday, May 18, 2005

German Spam

Some of you have been getting innundated with German emails. This is not "spam" in the usual sense, which is an advertiser blanketing you with emails, but is rather the result of a modified Email virus.

This article on PC World talks about it.

There is a class of email viruses that infect your computer, searches your computer for email addresses, and then sends itself to these email addresses. McAfee's Virus Information Library calls it Sober.p -- here is the link to the info.

Those of you that are up to date on your anti-virus files and Windows patches only get annoyed by the spam from your infected neighbor. Those of you who do not have adequate anti-virus controls may be the ones sending the spam!

So, if you are getting flooded with these German spam messages, this is the cause, and it will die down once this virus gets under control.

Friday, May 06, 2005

ScreamBody

A humorous aside -- I received this link for the "ScreamBody." It is amazing what technology can do. The video is a must-see.

The ScreamBody is the work of Kelly Dobson. She is a PHD candidate at MIT Media Labs. Check out her site -- Blendie the voice-activated blender is a must-see as well. I like that she mixes her research with a tongue-in-cheek attitude.

Wednesday, May 04, 2005

Internet Lesson from 2001

All,

When going through my email today, I came across the following note I send to friends and family in June 2001, which I copy below.
=============
Everyone,

Rule number 1 of internet web cruising and emails:
Believe Nothing. Assume a hoax until proven otherwise.

I ran across this story today that is revealing:

http://www.mediaguardian.co.uk/mediaguardian/story/0,7558,497418,00.html

[Note: you have to register to see this -- free]

This reminds me of one of the great business scams of
the modern era -- another case of someone taking
advantage of the gullible:

[Alas, this was an article from the Industry Standard -- that venerable guide of the Internet Bubble Era. It is no longer available. See below.]

Both articles are enlightening. It is unfortunate that
some people choose to dupe others, or just plain lie.
The internet makes it much easier for people with
these tendencies to ply their trade, so to speak.

I guess the guiding principle is: "Caveat Web-tor"

Cheers,

Mark



The first article is about a website dedicated to a girl, Kaycee Nicole, who was dying of Leukemia. The website was updated by her mother and captured the pain of childhood cancer. Eventually, Kaycee died. Many, many readers and well-wishers read the site, offering gifts and sympathy. Except, the site was a hoax! Kaycee did not exist. The writer was a Kansas woman whose site and story got away from her. She wanted to be a voice for cancer victims, and ended up creating the personna of Kaycee, and it steamrolled.

The second article was an article in the Industry Standard that tells of an "Internet Technology" company that had a product that sped up internet downloads by 100-fold. Except that there was no product -- it was all vapor. The company CEO got millions in funding from unsuspecting (and internet-greed-crazed) dupes -- mostly doctors in Southern California. Turns out the "CEO" was a small time con who saw big-time opportunity in the bubble. The article was written in 1998, and was the cover story for that week's Industry Standard. I have it in "hard copy" (computer-dude speak for "on paper") somewhere in my boxes.


So, "Caveat Web-Tor!"

Sunday, April 24, 2005

Ten Things You Should Know... About Using the Internet

We are having our yearly customer conference this week, and my team creates the portal and other web tools used by our customers to get information about our company, tools to better maket and sell their (and our) products, and manage their orders with us.

I put together this list of "Ten things you should know about using the internet" for our customers. In order to get to our web sites, they need to have working systems, and many of the calls we get are just plain "how do I use the computer?" and "why is my internet connection
so darn slow?" questions.

The assumption here is that PCs are being used, and not Apple Computers. If you have an Apple, you need to update the patches as well (see #4). Apple does a good job of making this easy.

Since I think these tips will help all internet users, Uncle Mark is passing them along here!

  1. Always use a computer virus control program, and update it daily.

Using antivirus software is a necessity if you are using the internet. If you are not using antivirus software, you will be infected. Virus infections can destroy your computer information, forcing you to erase everything and rebuild the system. Email viruses will tie up your system and spread malicious emails to all of your friends and family.

Virus software must be updated daily. When a new virus is introduced, it can spread globally in just a few hours, so you need to be up to date at all times. The standard packages make this easy to do – just set it and forget it.

Symantec and McAfee are the standard vendors of antivirus software. The cost is around $50. Well worth it.

  1. Always use a firewall when connecting to the internet.

Attaching your computer to the internet exposes it to the entire internet community, including hackers and other purveyors of mischief. Home and small office PCs that are not protected by firewalls are commonly commandeered by hackers to store illicit information or are used in attacks on other computers. This often happens without the computer’s owner knowing it is going on. A good firewall is the answer to this problem. A “firewall” is a program that runs on your computer or on your internet router (the device that you use to connect to the internet) that prevents anyone from connecting to your computer, unless you want them to. You have to have one.

McAfee and Symantec make personal firewalls, as does ZoneAlarm. LinkSys and other internet routers have firewalls built in to them, and are a better choice if you have a high-speed internet connection.

  1. Use a computer that was built in the 21st century.

Windows 95 and Windows 98 were great when they came out, and the Pentium III was a fine computer chip “back in the day.” Those days are over. You need a computer with a Pentium 4 chip or better, at least 512 Megabytes of memory, a lot of disk space, and Windows XP Professional in order to take full advantage of the web and applications like Quicken and Microsoft Office. The good news is that computers are getting more affordable every year -- $1000 will get you a computer today that blows the doors off anything you could buy for $5000 five years ago.

  1. Update your Microsoft Windows patches regularly.

Microsoft is the largest software company in the world. Every hacker in the world wants to “get Microsoft,” and every security company wants to get the “cred” that comes with finding a valid Windows security flaw. Add to that the fact that Windows is huge and complicated, and thereby prone to errors. That adds up to software flaws that can allow hackers to compromise your computer. What to do? Use the Windows Update Service to automatically keep your computer up to date on their software system “patches” – updates that fix newly discovered flaws.

  1. Get your own Internet domain name and email address.

Having your own internet domain name, like “AskUncleMark.com,” gives you a permanent “location” on the web and gives your site credibility. With your own domain, you can set up email accounts on the domain instead of using free email providers like hotmail or yahoo, or AOL, adding credibility to your business. Companies like “GoDaddy.com” allow you to register and manage internet names and set up email accounts cheaply and easily.

  1. Get a high-speed internet connection.

If you are using a dial-up modem to connect to the internet, you are not able to use the web to its maximum. In fact, it gets frustrating. If you are in an area that offers high speed access, like cable or DSL, you should sign up. You will find that it will not only make using the portal a much better experience, but other sites, like your bank, will be much better as well.

  1. Using a wireless network? Be secure!

You can buy a wireless internet router for $80 these days. When you set them up, it is tempting to just open up the connection so that anyone can use it. Don’t! Doing so allows people you do not know to access your computer’s information with very little security. You should set up, at the very least, a “WEP” key on the device that you also have on your wireless laptop or computer. This encrypts the wireless traffic and keys out prying eyes. The router manuals are pretty clear about how to set this up, and Windows XP makes wireless relatively easy.

  1. Keep “Spyware” off your system.

Spyware are programs that collect and send marketing information to other companies. “Spyware” are programs that offer you some little service – the “Weatherbug” that shows you current weather, for example – that you install on your computer. From then on, information about what you do on the internet is sent to the spyware software’s company. The net result is twofold: One, your privacy can be compromised, and two, the spyware programs load down your computer to a crawl. Anti-spyware Programs such as Spybot and Ad-Aware can detect and remove spyware from your system.

  1. Don’t fall for Internet scams!

Email makes it really easy to send messages to people. In the blink of an eye, you can send an email to one million people, for virtually no money. Because of this, unsolicited email, also known as “Spam,” is a huge problem – in terms of wasted time, wasted computer resources, and offensive or illegal content.

Some criminals send out messages that look just like they came from a legitimate bank or other financial institution, making it look like your account will close if you do not “take action.” The email messages have a link to a site that looks just like the bank’s site – but it isn’t. When you enter your personal information – passwords, social security numbers, PINs, etc., they now have access to your accounts. Some victims have lost thousands of dollars from these thieves.

How do you avoid? There is no automatic way to avoid these scams. Just be wary, and if you have any real questions about an email from your “bank,” call them directly on the telephone.

  1. Back up your stuff!

This is number 10, but really it’s the first rule of computing. Always, always, always back up your computer’s information. You can never know when a computer’s disk will fail, or when a power surge will fry the motherboard, or when someone will spill a Pepsi on the computer. Back your stuff up, and all you have lost is time.

The backup medium of choice for homes or small businesses is CDs, and now you can get drives that can write to DVDs as well. Roxio makes a good program that helps the process of backing data up to CD or DVD.

The internet is an amazing phenomenon and has changed the way many companies do business. The tips above will help you get the most out of it.

Friday, April 15, 2005

Some "Base"-ics

In order to understand computers, some knowledge of math is, fortunately or unfortunately, required. You would think that computer designers would have hidden alot of the math from the people who use computers by now, but that is not the case. We have "32 bit operating systems" and "256 Megabytes of memory". In order to understand these terms and others, a "bit" (pardon the pun) of math knowledge is required.

If you have fifteen apples in a box, you have just that -- an absolute quantity of fifteen apples. However, there are a number of ways to write down the quantity "fifteen" on paper. You could write "15 apples." You could use Roman numerals and write "XV apples." You could do what I did and type out the words "fifteen apples." If you know that a standard "box of apples" always contains fifteen apples, you could say "one box of apples," just like a "dozen eggs" is always twelve eggs.

The point is that no matter how you represent the quantity of apples, you always have the same absolute number of apples: fifteen.

As noted above, we can use a numeral or symbol to represent the quantity "fifteen" in a number of ways. The numeral system we usually use for this is base ten, or "decimal" -- "15" means "fifteen" in base ten. What does base ten mean? It means that, going from right to left, each position in the numeral represents a quantity ten times the quantity of the previous position. In the case of "15", we have five "ones", and one "ten" -- "ten" is ten times one. Some examples:

234 = four "ones" plus three "tens" plus two "hundreds." One hundred is ten times ten.

4,567 = seven "ones" plus six "tens" plus five "hundreds" plus four "thousands." One thousand is ten times one hundred.

30,892 = two "ones" plus nine "tens" plus eight "hundreds" plus zero "thousands" plus 3 "ten thousands."

However, computers don't do well in the base ten world. Underneath it all, computers recognize only two things: "On" or "Off." Something is there, or not there. Computers are essentially a huge collection of switches that can either be on or off. Everything in a computer is represented by a series of "ons" and "offs." For example, in many computers the letter "A" is represented as "off" "on" "off" "off" "off" "off" "off" "on." The number "fifteen" is represented as "on" "on" "on" "on".

We as humans working with computers can't communicate to one another about computers easily saying lots of "ons" and "offs." That's cumbersome. Since there are basically only two positions for computer switches, computer designers chose to use the "base two" or "binary" numeral system to represent information on the computer. In the binary system, each position in the numeral is two times the previous position, not ten. So, you can only have two values in each position: a "1", which is "on," and a "0", which is "off." This makes it a bit easier to represent the letter "A" as "0100 0001" and the number fifteen as "1111".

"1111" is broken down as one "one," plus one "two" (two times one), plus one "four" (two times two), plus one "eight" (two times four) = fifteen.

Since computers can only work with "ons" and "offs", letters and other symbols must be encoded in binary as well. So, the letter "A" is "0100 0001" or sixty-five. Why sixty-five? It could have been anything, but in order to preserve sanity in the world of computers, the American National Standards Institute came up with the "American Standard Code for Information Interchange" or "ASCII" (pronounced "Ask-key) to provide a standard for representing letters, numerals, and symbols in binary. "A" ended up being sixty-five, or "0100 0001" in binary. "0100 0001" means "one "sixty-four" plus one "one."

Regarding the terms "bit" and "byte," "Bit" means "Binary Digit," and a "byte" is eight "bits." (Get it? Eight bits make a "byte" -- computer people love their puns. Half a byte, or four bits, makes a "nybble." I am not making this up). The number fifteen can be represented in four bits, and all of the bits are 1. The letter "A" is represented in eight bits, and the first and seventh bits (starting from the right) are 1.

A "byte," being eight bits, gives you two hundred fifty-six possible values (including zero), which, in the early days of computing, was deemed to be enough. Because of this, a byte is often the smallest piece of data you can work with on a computer.

One more thing, and then we are done for this lesson. As you can see, binary numbers can be quite long. In the example above, 1,048,576 is a very long 1 0000 0000 0000 0000 0000 in binary. Binary numbers quite quickly get so long that they get perspective. To make this managable, computer scientists invented the "Hexadecimal" (or "Hex") numeral system -- base sixteen. Instead of each digit from right to left being ten (decimal) or two (binary) times the previous position, each digit is sixteen times the previous digit. Counting from 0 to "10" in Hex looks like:

0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F, 10

What is with the A, B, etc? Well, this is base sixteen, so there needs to be sixteen potential values for each digit. Rather than get fancy creating new symbols for ten, eleven, twelve, thirteen, fourteen, and fifteen, computer scientists, being engineers and not marketing types, chose to use the letters A-F.

So, 10 hex is sixteen, and 100 hex is 256 decimal (sixteen times sixteen), and 1000 hex is 4,096 decimal.

How on earth does this make computers "easier" (in a computer scientist-sort of way)?

Because a byte, which is eight binary digits, can be represented evenly in two hexadecimal digits. Fifteen is "15" decimal, "F" hex, and "1111" binary. Add one, and you get: "16" decimal, "10" hex, and "0001 0000" binary. A byte that is "all on" looks like: "1111 1111" binary and "FF" hex. Add one, and you get "0001 0000 0000" binary, and "100" hex. So, one hex digit represents four bits.

So, when you look at a number in binary like 1 0000 0000 0000 0000 0000, the number is easily turned into hex: 100000 hex. Likewise, a binary number like "0010 0110 1110" is "26E" in hex -- "0010" is "2," "0110" is "6," and "1110" is fourteen, or "E."

To differentiate between a hex number and a decimal number, hex numbers are sometimes preceded with a zero and small "x" -- 0x100 is 100 hex, and 100 is 100 decimal. So, "26E" is sometimes written as "0x26E".

Okay -- take a breath.

To recap:

Computers are essentially a large, large number of switches. These switches can either be "on" or "off." To represent these switches, computer scientists use the binary numbering system, where a "1" is "on" and a "0" is "off." Each digit in a binary number is called a "bit." A collection of eight bits is a "byte." To easily work with "bits" and "bytes" the hexadecimal numbering system is used, in which one hexidecimal digit represents evenly four binary digits.

The practical uses of this are all over computing. Everything, and I mean everything, comes down, eventually, to bits and bytes. Network addresses, encryption keys, settings for equipment, are all, at core, binary. As we move forward with newer and faster computers, your day-to-day activities will not always bring you face to face with, say "0xFF", but these values are there nonetheless, and if they do come into view, as they do with wireless networking, it is important to know about it.

Sunday, March 13, 2005

Another "Phish" Story

I received an email apparently from eBay asking me to update my billing records. Clicked on the link (clicking is not a problem, as long as you have good virus protection -- you do, don't you?), and got a very eBay looking web site asking me to log on with my eBay user name and password.

It is a fraud. The email was mailed from Korea, and the real internet address was registered in Korea. Had I continued, they would have had my eBay information and probably credit card information as well. There was not much there to make me suspicious.

Once again, beware of all emails asking you for any personal information. Don't take the "phish" bait!

Thursday, March 10, 2005

Wireless Networks

I have just been spending the last few days working on configuring a wireless network here at work. Wireless networking is becoming ubiquitous, from $60 wireless DSL and Cable modems for home and office use, to "hot spots" at airports and coffee shops, to whole cities offering wireless access to people with wireless-enabled computers.

The main conclusions I have drawn are:

1. To do it wrong is extremely easy. Just plug it in, and it works -- but it is now open to everyone.

2. To do it right is, basically, rocket science.

It is not easy to set up a wireless network correctly. What is "correctly"?

A. It has to be secure. Only people you want to connect to the network should be allowed to connect to the network.

B. It has to be easy to use. The security you select cannot get in the way of the people using the network.

C. It has to cover the area you want covered. If you are in a small home or apartment, this is not an issue. If you have a large home or a business, then all sorts of issues come into play.

The main message or this posting is:

Do not just buy a wireless network router/modem and just plug it in. If you do that, you might as well not have a firewall.

You need to configure it to have some sort of security, at least. Uncle Mark will give you the skinny on how to do that shortly.

Sunday, March 06, 2005

The Computer

What is this thing, this "computer", that you are using to read this 'blog? There is a lot of confusion out there about computers: what they are, and what they can and can't do.

So, let's talk about this. Ultimately, a computer is a machine that calculates or computes. A calculator is a computer, for example. So is an iPod, that wonderful music-playing device. However, when we say computer these days, we are talking about either desktop computers, notebook computers, and computers that run websites or allow you to access data (these are called "Servers" because they serve you).

What are the components of a computer? They are:

  • A Central Processing Unit (CPU) -- the "chip" or set of chips that performs the actual calculations.
  • Usually, sub-processors that take some of the load off the CPU. Graphics processors and certain communications systems do this.
  • A place for these programs to reside when they interact with the computer, and a place to store the information being worked on: Memory.
  • "Devices" with which the CPU communicates.
So a computer is a box containing a chip or set of chips that reads instructions and data from memory, and interacts with devices, and usually, people.

What are these "devices?" Anything the computer communicates with. They include:
  • Disk drives, which provide a semi-permanent place to for programs and information to reside when they are not directly interacting with the CPU.
  • CD, DVD, tape, and other removable-media drives. These allow you save your checkbook files on a CD, for example, in case the computer gets damaged.
  • The computer screen (called a "monitor" because it allows you to monitor what is happening to and with the computer).
  • The keyboard and mouse.
  • Speakers and microphones (or more likely, the "sound card" that the speakers and microphone are attached to).
  • "Modems" which allow you to use a normal phone line to get an internet connection.
  • Network Adapters which allow you to connect your computer to a Local Area Network ("LAN"). These can be wired or wireless.
  • Printers, scanners, fax machines, iPods, telephones, and digital cameras.
  • USB (Universal Serial Bus) or Firewire (aka IEEE 1394) jacks, which allow you to connect to printers, scanners, etc.
  • "Bluetooth" wireless cards, which allow you to connect to printers, scanners, etc., which also have bluetooth cards. This gets rid of some of the wires hanging out of the back of the computer.
These are examples of the most used -- but there are many, many types of devices that a computer can communicate with.

All of the above are "hardware," so-called because they are... hard! Drop one of those monitors on your foot, and you will see what I mean.

Computers need to be told what to do. They need programs and applications. A "program" is a set of commands that tells a computer what to do. A set of commands that tells the computer to display "hello, world!" on the monitor is a program. An "Application" is a coordinated suite of programs that allow you to perform a specific function on the computer -- like write books (word processors), calculate loan payments (electronic spreadsheets), and store sales information (databases). Microsoft Office is an application, as is Quicken. Certain games can be considered applications -- the smaller ones would be programs.

Programs and applications are called "Software." "Back in the day," computers were programmed by connecting wires from one jack to another, sort of like what telephone operators used to do. The wires were flexible -- soft. Hence, "software."

The core program a computer runs is an "operating system." Current operating systems include the Microsoft Windows family (Windows XP, Windows 2000, etc.), Apple's OS X for the Mac, and Linux. Linux is in the realm of hard-core computer professionals and enthusiasts. As it said on the old maps, "Here be monsters."

The operating system (or "OS") is started when the computer starts up. The computer contains a small loader program that looks for the OS at a particular place. When you start your computer, and the computer's brand name shows up on the screen, it is running this loader program. If the computer finds the operating system, the operating system starts up, and everything moves along fine. If the computer does not find it, it just sits there and hums. Sometimes it will tell you it can't find it, and then sit there and hum.

The operating system lays down the rules. The OS defines how the computer operates. It defines how programs run, how information is stored, how the computer's memory is used, how the computer interacts with devices. The same computer can run Windows or Linux, for example. When the computer is running Windows, it looks and acts completely different from when it runs Linux. Each operating system has very different rules.

All other applications and programs run "on top of" an operating system -- they cannot be run independently from an operating system. A program written for Windows follows the rules laid down by Windows. A program written for OS X follows the rules for OS X. Because of this, a program written for the Apple Mac will not run on a PC running Windows (or Linux, for that matter!).

In the case of Windows, the "Start" menu is part of the operating system. This is how you usually select the application you want to run. OS X and Linux do not have a "Start" menu -- they have different rules.

So, a computer is a box that contains a CPU and memory, contains and is connected to devices (like disk drives, keyboards, and monitors), runs an operating system, and allows you to run programs and applications.

Everything else about computers is details.

Saturday, February 19, 2005

Web Browsers

A Web Browser is a computer application that allows you to read web pages. The Internet Explorer (IE) is Microsoft's web browser.

Microsoft has embedded IE into their Windows operating system. An operating system (OS) is the core system that lets you interact with the computer. Windows XP is an operating system, as is Linux, Apple Mac OS X, and others. Microsoft decided that the internet was so important that it linked the IE web browser into Windows. This was a controversial move when it happened, but that is what happened. The result is that many web site designers designed their web sites to work well with the Microsoft IE browser. Some (but thankfully not all) will only work with IE.

Therefore, you need to have IE installed and regularly updated if you plan to use the web. The current version is version 6.0 with a large number of security patches added to it.

IE is the de facto standard for browsers because Windows is the de facto standard for operating systems -- almost everyone has IE, and no one can get rid of it. However, it is good software. You could go on your merry way and use IE and be happy, as long as you update it diligently.

But, you are not limited to using IE.

A few months ago, the Mozilla project released Firefox 1.0. Since I tried it, I use it for all my web browsing except where I must use Internet Explorer.

Why?

It is fast.

It is written with security in mind -- no "pop-up" ads unless you want them. Easy to manage security settings.

It allows "tabs" for browsing, in which you can open several web sites and easily move from one to the other by clicking on its tab.

It allows for better organized bookmarks of your favorite sites, and "smart bookmarks" for bookmarking and automatically updating your news feeds.

It has a clean design. It is easy to use.

It does not have the vulnerabilities IE has to viruses, if only because an army of hackers are more focused on IE.

Check it out. Highly recommended.

Google

If you need to find out anything, "Google" it.

Internet search engines are amazing in general. A "search engine" is a system that opens as many web pages as it can, and logs and indexes what it finds, allowing people to find web sites. And then, they do it again, and again, because web pages come and go, and get updated, or go away.

Of the search engines out there, Google (www.google.com) is, to my mind, the best. They provide an index of what is out there, and they also "rank" the importance each page they search by seeing if other sites refer to it. It is called "PageRank" and is explained at their site.

The bottom line is that while it does not cover the total vastness of the internet, Google will find you information on anything you would ever want to know.

You can also "Google" people -- try yourself! You can look for old friends, colleagues, school mates, future bosses. It is interesting what you can find -- sometimes scary.

Google has this so taped that it is now bordering on a generic term -- like Xerox or Kleenex.

Highly recommended.

Tuesday, February 15, 2005

E-mail Hoaxes Redux

Just a note on how long some of these e-mail hoaxes stay alive. A close aquaintance forwarded an alarming e-mail that turns out was a hoax. The hoax started in 1995 -- ten years ago. Some things never die!

Wednesday, February 09, 2005

Scams and Hoaxes

I really don't want this blog to be about internet security, it's just that right now, it is a big issue. There are a lot of criminals out there trolling for the technically unwary. They have no shame.

I received this e-mail last week:
===============================
Subject: I AM A VICTIM.

DEAR PATTERSON,

I write you this mail with sorrow and tears in my eyes. I do not mean to bother you with my problems but I am most disturbed and I have no other choice than to look for help from some one who is compassionate and have the milk of human kindness. I am not also writing to demand for any thing materialistic in whatever form from you, but I am writing to present to you a business proposition, which you shall profit from only if you decide to help me. I am wife to Mr.Samuel Ashaun,a Ghanian and a very successful international businessman, philanthropic, politician and a community deveoper. My late husband was an importer of certain commodities of which he alone has the sole patent right to bring into Ghana. He has traveled far and wide all his life while doing his business. He was also into business collaboration with so many friends all over the world and whatever he lays his hands turns out to be Gold. We (me and my daughters) were quite comfortable when he was alive and we never lacked anything. I am writing you to solicit your assistance because I lost my husband to the Tsunami Disaster that just happened some times back. He was on one of his business trips to Myanmar, in South East Asia when the disaster occurred. Me and the family members were worried when he did not come back as at when due, we sent messages to his business associates abroad but no one answered, we virtually sold everything he owned in an attempt to locate him, we even had to result to borrowing because I do not do anything here, I am just a permanent house wife. When we were not getting any news, we gave up until later when we realized he died in the disaster. Life has not been same for my daughters and me since then. In Africa where I come from, the Male child is regarded as very important while the female is regarded as nothing and less a human being to the male. Since I did not have a male issue for my late husband, his family relatives, kiths and kin has taken over and inherited his things that are left and even driven me and my daughters onto the street with nothing. We are starving and there is no one to help, no shelter and no money or food for us. My daughters has quite school because I cannot pay their school fees. I am now a poor widow. It is so painful to know that the funds being raised to help the victims of the disaster is mainly for the countries affected and not for people with my kind of plight and bad luck. It's so painful to know that no body remembers women from other part of the continent that are made widows by the disaster. I am writing you to help me. Last week, my late husband lawyer came back from abroad with vital information relating to the fact that my husband deposited a sum of Eight million,seven hundres thousand U.S. dollars in a foreign account which will pass onto me and my daughters in the events of his death, I was not aware of this. The lawyer told me he instructed him to let me and my daughters know this only in the events of his death. He did this because of the nature of his business, which involves a lot of traveling. The problem now is that i do not want his family members to know about this development in order to prevent them from bouncing on the money again as they did his properties here. This can be prevented only if the money does not come here. I do not want the money to come here. I am looking for who will help me receive this funds into his/her account overseas so that I can come over there after the money is transferred. The lawyer says we need a foreign account where the money will be received and I do not have any and cannot afford to open one from here. As the money overseas has not been legally made mine, I do not have access to the money yet. The lawyer has documents that will make the transfer of the money to you very easy. I am writing you to please help me receive this money. I promise to give you a negotiable percentage of the money and this percentage that you will get will be discussed when you have received this money from the fiduciary agent abroad. This was why I said I am making you a business proposition. I just hope you will not abscond with the money when you get it. Please help my daughters and me for this is our only lifeline in life.~ You are to reach me with this E-mail address if you want to help me <[deleted]@yahoo.co.uk> I will reveal to you further details when i hear from you. I expect to hear from you soonest.

Thank you.

Yours truly,

Mrs.Grace Ashaun.

=====================

Heart-wrenching, no? The Tsunami barely has a chance to dry, and we get this. This is a scam. This letter is akin to those letters from "barristers" in Nigeria trying to locate "next of kin" to people who died in a car accident leaving millions to be split with -- well, you.

I am posting this as an example of these things -- they are all over the place. Do not take the hook. Any time you get an e-mailed plea for help, usually because of some truly horrific and sad thing, and which promises you a cut of millions of dollars, realize it is a fraud.

Similarly, any time you get alarming messages from your bank via e-mail, realize that it is not your bank, really, but someone trying to scam you. I mentioned this before, but these are truly alarming, and the warning bears repeating.

Other types of bogus e-mails include hoaxes -- someone sends an alarming message saying, for example, that there is this truly horrific e-mail virus that is being spread that can't be detected by anti-virus software, and that you should delete such-and-such files, and forward the alarming message to all of your friends and family.

Another hoax is an alarming e-mail about some social injustice and that we need to bombard someone's e-mail address with protests about how rotten this injustice is. Usually, the injustice is not real, or is disrelated to the person being emailed. The person being bombed by e-mail is probably the ex-girlfriend who dumped the loser that started the hoax.

The common denominator to these is "alarming e-mails." When you get an alarming e-mail, one that seems odd or hard to imagine or improbably profitable, it is virtually always a fraud or scam.

Caveat surfer - Let the web surfer (and e-mailer) beware!

Tuesday, February 08, 2005

Google Maps Beta

Google has a new web map system, rivaling Mapquest, etc. Very, very cool stuff. Rather than listen to me talk about it, give it a try.

Monday, February 07, 2005

Phishing and a New Risk

You need to be careful when using the internet. There is yet another problem that has reared its ugly head, because we are "not there yet."

Slashdot.org is a highly, highly technical website. Their motto is "News for Nerds. Stuff that Matters." That should be a clue that unless you are truly a nerd or have nerdish tendencies, you need to stay away. However, in an article today on slashdot.org, yet another exploit has been unearthed. Hackers can now create fake web addresses using an alternate code. This code looks like a normal address, but is actually referring to something else. The article uses Paypal as an example. The code "p&amp; #1072;ypal.com" in this "Punycode" International Domain Name format is not the same as "paypal.com" in the normal code (UTF 8, or Unicode Transformation Format). This code "Punycode" form is shown on the screen normally, i.e., as "paypal.com", but goes to an entirely different place.

Blah, blah, blah, you say? Well, yes, except that if a hacker can create a normal-looking web link to a fake Citicorp or Bank of America web site, then you are at serious risk. It enables "phishing", the practice by hackers of trying to fool you into giving them your passwords and other private information. They can make the fake site look just like the original, except that they are stealing from you.

What can you do? Basically, phishing is really a risk for dealing with financial web sites, or internet provider web sites. So, when you are going to your bank or ISP (Internet Service Provider) websites, type the address directly into your browser. Don't go there via a link in an email message, or a link on a web site.

And, as always, treat the internet with respect. Realize that the moment you connect to the 'net, you are strolling on the wrong side of the tracks.

Resources -- Gibson Research

Steve Gibson of Gibson Research's web site is a fount of information. He is technical, but thorough. "Shields Up" is his firewall tester -- he probes your computer (with your permission, of course), and then scares the heck out of you with what he finds. You will "get religion" when you use this.

This is a good reference.



Tuesday, February 01, 2005

E-mail Spoofing

E-Mail is a very untrustworthy medium for communications. There is no real security on it -- anyone can send a message and have it say it is from anyone else, like "gwbush@whitehouse.gov", for example. This is called "E-Mail Address Spoofing."

In your email program, you can say what your name is, what your e-mail address is, and the e-mail address that the reply to the e-mail goes to ("Reply-to" address). You can put there whatever you want.

I used one of my email accounts to show you how it works. I set up the e-mail account to say that I am "Sam Spade," and my e-mail address is "spade@privateeye.com", and the organization I represented is "Sam Spade, Private Eye." Then, I sent an e-mail to the "AskUncleMark" e-mail address at gmail.com. Here is what I got:

=======================

From: Sam Spade
To: AskUncleMark@gmail.com
Date: Tue, 01 Feb 2005 22:26:11 -0800
Subject: Test of spoofed email address

=======================
Hey, will you look at that! Sam Spade sent me an e-mail! Easy as that. Anyone can do it.

Each e-mail has "e-mail headers" that contain information about the e-mail. There is nothing in the e-mail headers that indicate my real e-mail address. Who I say I am is totally disconnected with my real e-mail address. Everything says I am Sam Spade from "Sam Spade, Private Eye." The only clue there is that all is not as it seems is that the message was received from "earthlink.net" instead of "privateeye.com" and you can see my internet address. You have to look hard to see it.

In real-world terms, it is like putting the wrong return address on a letter. You have no idea who really sent it.

Scammers and virus-writers take advantage of this weakness.

Scammers say that they are e-mailing you from your bank, and ask you to "fix a problem with your accounts," and redirect you to an official looking, but fake, web site that captures your login ID and password. They then have access to your real account. This is call "phishing" and is rampant.

Virus writers use email to spread their virus via email, by sending the virus to people in your address book, with spoofed from-lines taken from other people in your address book. So, if you have "Joe" and "Mary" in your address book, the virus will send the virus, using your account, to "Mary" with "Joe" in the from line, and vice-versa. This makes it virtually impossible to trace where the virus really came from, and jeopardizes the relationship between Mary and Joe.

Because of this, here are some guidelines when working with e-mail:

1. Never assume that the e-mail is really from who it says it is from. Be skeptical.

2. If a strange message is apparently from one of your friends, realize that they probably didn't send it. It is probably a virus-sent message.

3. Always, always, always assume that an e-mail asking for any login IDs, passwords, account PINs, or personal information is fake. If a bank has a problem with your accounts, they will either call you, or send you a real letter, or both. They will not e-mail you. Even if they do e-mail you, don't e-mail them back, call them, if you think there might be a problem.


Sunday, January 30, 2005

More on What You Need

My friend Larry, aka Eclectrix, had commented on the What You Need entry, and made some points that I think it makes sense to address.

1. Windows XP Professional (XP Pro) is the way to go. Windows XP Home Edition has been hobbled. I agree -- Get XP Pro. Software companies put their best efforts into the business versions of their software, and tend to "dumb-down" their consumer versions.

2. He mentioned an issue with Windows XP Service Pack 2 (SP2) in which "Microsoft is trying to take too much control of the machine or something." Frankly, I think that you are going to run Microsoft software, or not. If you are, you need to trust them to a certain degree. SP2 is such a significant upgrade that it is required if you are to run XP. If you don't want to run Windows XP, get an Apple or go full-on techno-nerd and go Linux.

3. He has an issue with Automatic Updates being Automatic. Sometimes an update breaks something. I full agree with him on that, which is why I mentioned that a fully funded Information Technology department should review updates prior to distributing them. That is their function. To review all releases prior to applying them is a full-time job, and takes up a lot of attention. The average non-technical user really can't do this, and will not do this. So, if the updates are not automatic, the updates will not get done, and their computer is in grave danger of being hacked. This is not good. So, unless you are a professional, do not try this at home. Just turn on the auto-update.


Saturday, January 29, 2005

What You Need

In order to use a computer and the Internet, you need to understand a couple of things:

1. You can't do it "on the cheap" unless you are a severe nerd (or at least have nerdish tendencies) and can build your own.

2. You need to know that the Internet is made up of the best and worst of mankind (see posting on the Internet), and that you must armor up accordingly.

3. Computers are not "there" yet. It is still too hard to use these things. You can own and drive a car without ever opening the hood, or having the foggiest clue about whether the thing runs on gasoline, diesel, hydrogen, or electricity. But, a computer -- that's a different matter.

4. If a computer, therefore, ever crashes (stops working, locks up, freezes, chokes, whatever), it is fundamentally not your fault. It is the fault of the system designers who designed the programs you are running, and the programmers that wrote them. (This, of course, presupposes that you are not dunking the computer in water, or using it for target practice - tempting though that may be).

5. A computer virus is a program that some twerp wrote (or stole) that propagates itself from one computer to another, and usually does some damaging thing to the computers it infests. It does this, usually, by exploiting programming errors and bugs in operating systems (Microsoft Windows, really), e-mail clients (Microsoft Outlook), desktop applications (Microsoft Internet Explorer and Microsoft Office), and database servers (Microsoft SQL Server. You might see a trend, here). It can also do this by exploiting the generally open and trusting internet protocols.

6. You can mitigate against errant code and malicious viruses by setting up your computer system appropriately.

With these basic maxims in mind, what do you need?

First, you need to decide if you want to use Microsoft Windows or an Apple Macintosh. Uncle Mark does not really "do" Apples (I like them, but I am not an expert), so we will talk Windows here. You can also choose Linux, but if you choose that (at least at this writing), then you don't need me to tell you what to do. If you don't know, you'll never get it running. So, Windows it is.

Rule 1: Run Windows XP, Service Pack 2 or later. Just do it. If you have Windows 95, Windows 98, or Windows NT, realize that they are obsolete. Windows 2000 is okay, but Windows XP is better. If you have Windows XP but it is not Service Pack 2, upgrade now. How do you know? Open up "My Documents" and go to the Help menu, and choose "About Windows." If it doesn't say somewhere in there "Windows XP" and "Service Pack 2", you need to get upgraded.

Rule 2: If you have a computer that cannot run Windows XP, it is time to retire it. If your computer is four years old or older, it is time to let go. Basically, almost any new computer that you can buy for $800 or more will do.

Rule 3: Get DSL or Cable or Satellite if you can. This is called "Broadband." Dial-up, i.e. using a modem, is slow.

Rule 4: Use a DSL/Cable router to connect to the DSL or Cable modem, rather than have the modem connect directly to your PC.

Rule 5: Always, always, always have a firewall in place. A "firewall" is a piece of communications software that runs on your PC, your DSL/Cable modem, or on a separate "appliance" that inspects, monitors, and outright prevents unwanted internet traffic from hitting your computer. Absolutely required. Windows XP has a firewall built-in. Windows XP Service Pack 2 has it turned on when you install it.

Rule 6: Always, always, always have virus control software in place on all your computers. Some firewalls have virus checking built-in.

Rule 7: Always, always, always have your virus control software check for updates daily.

Rule 8: Have Windows Automatic Updates check for updates daily, and automatically install them. Unless you have a business with a nice, fat Information Technology budget and network administrators to spare, you don't need to test the update first. Just assume that if Microsoft releases a bug fix (which is what these are, really), then you need to install it. You should know that the minute Microsoft announces a bug in Windows or one of its other programs, lowlife virus writers kick to life (if you can call something that low "life") and race to create a virus that exploits that bug. The update fixes the problem, so stymie these guys, and install the update. To do this, go to the Control Panel and then load the Security Center, and choose Automatic Updates.

Rule 9: Keep all your other software updated, as well. If you have Microsoft Office, or Quicken, or other programs, keep up to date with them.

Rule 10: Limit your use of software that is free but advertises to you. Some of these have trackers that track your use of the internet, and some just plain take over your system. These are called "Adware," for Advertising Software, and "Spyware," for software that spies on you. Microsoft has a new anti-spyware application in beta that helps get rid of some of these. There is also Ad-aware and Spybot. For really effective spyware killing, you need to run all three. And even then, unfortunately, some spyware can survive the onslaught.

Rule 11 (Some might call this rule 1): Always back up your data. Back up your documents and other data files to CD regularly. You need to have a CD writer on your computer. This is required. You don't necessarily need to back up your applications, unless you downloaded them and don't have installation CDs.

That's enough rules for now. This is an awful lot all at once, and some will need elaboration (which virus software, for example). Do the above, and your computer will be armored.

How do I comment on an Ask Uncle Mark Entry?

"Stymied" from Pasadena asks: "How do I comment on a post on your blog?"

Well, Stymied, here's what you do: the number of comments made on an entry is located at the end of of the entry. If you click on it, you will be taken to the "comment" area. To post a comment, click on the "Post a comment" link.

I do not allow anonymous comments to this blog. There is a class of low-life called "spammers" that looks for random blogs, and post "comments" that are unrelated, and are really advertisements. So, I ask that if you wish to comment, you join Blogger, which is the friendly service that makes this blog available to you. If you are not a member, join up.

Then, comment away!

Alternatively, you can e-mail me at AskUncleMark @ gmail.com

Friday, January 28, 2005

Feed access to this Blog

"Can you Email me when you do a new post or is there a way to sign up to be notified through blogger.com when you post something new?" Signed: Perplexed Realtor in Hawaii

Dear Perplexed,

If you notice on the right, over there, a little "XML" icon. That contains the address of our news feed for this blog (http://feeds.feedburner.com/AskUncleMark). This allows a news reader or news-enabled e-mail client to read this Blog like a news item.

There are a number of news readers around. You can use the "Live Bookmarks" feature of the Firefox web browser (more about Firefox in another entry). You can access news feeds in "My Yahoo" (which is pretty cool). You can access them using the Mozilla Thunderbird e-mail reader. Or, you can use a dedicated news reader, like Sharp Reader or Feed Reader.

Then, when a message is added to the blog, you will know!


Thursday, January 27, 2005

Excellent Web Dictionary Source

There are a lot of dictionaries on the web. There is one place that is your conduit to all of them: Onelook (http://www.onelook.com). Onelook has the usual links to English dictionaries, but also looks your word up in technical, business, and other specialized dictionaries. Highly recommended.

Announcement Emailed to Friends and Family

It is now official, and I am on the hook!

Here is the mesage:

All,
I have created a new "blog" called "Ask Uncle Mark", which is a place to get info on computers, the internet, and how to use them. I've worked on a few writing projects over the years, including the Computer Primer in '86 and the SandBlast in 2001, and I wanted to get some of this actually published and out. It is a way to write up my hat, as it were, and spread the joy and the knowledge about computers and all the wonderful problems and pains that go with them.
The blog is at: http://AskUncleMark.blogspot.com
If you have news feeds, like "RSS" or Atom, you can get the feed at http://feeds.feedburner.com/AskUncleMark
If you don't know what a feed is, stay tuned to AskUncleMark! As I figure it out, so I will pass it along.
Check it out. I will be adding more, including a profile of me, and hopefully a search capability. If you have questions, email me here, or at AskUncleMark@gmail.com. If I can answer them, I will post the answers on the blog. If not, I will sulk, probably...
If you find it useful, let me know, and spread the link around to your friends and family. The purpose of this is to help people out.
Thanks,
Mark

Wednesday, January 26, 2005

Embedded Links in Outlook

I had this ongoing problem with creating a link in an email message to a network directory, and I decided to tackle it today. The problem is this: if you have a directory on your network that has a space in the name, Outlook would screw up the link.

For example, if you have a server called "Server1" and a share (shared directory) called "MyFiles", Outlook will put it properly into the message if you type:

"\\ Server1 \ MyFiles"

(Please note: I am separating the backslashes - "\" - with spaces to keep this blogger from thinking the link is real.)

If you click on it, you will get the directory.

The issue comes in when you have a share called "My Files" (with the space). You have:

\\ Server1 \ My Files

with the link messing up and ending at "My," which is right before the space.

The answer: Encase all links in Outlook with angle brackets ("<" and ">"), like this:

< \\ Server1 \ My Files>

This ensures it is embedded properly. Took a while to find this in help, but there it is.


The Internet

The Internet contains all that is good and great with the world, along with all that is cruel and evil in the world, and it has it all here and now.

In the real world, there are museums and libraries and schools and the local grocery store, and these places are physically separate from jails and brothels and devil worshipers and porn palaces. On the Internet, they are all in the same place: on your computer in your home or office. Your computer is your instant pipeline to all of this.

You need to understand this when accessing the internet. You are only a click away from some pretty gruesome stuff. Open the wrong email, click on the wrong link, take the bait on a bogus web site, and all of a sudden, you are wandering in the wrong neighborhood, with thieves and rapscallions poised to pick your pocket or mug you or your computer.

When your computer is connected to the internet, even if by dial-up modem, your computer can potentially be connected to by any other computer on the 'net. That includes computers programmed by people trying to break into your computer, either to steal your private information, or to spread a virus, or to take command of the computer for various nefarious purposes, such as aiding in an attack on someone's web site. Your computer could just be sitting there, apparently doing nothing, all of a sudden some kid hijacks it to save stolen music files or worse.

This is not meant to scare you. You just need to know it, and act accordingly. There are actions you can take (must take, really) to safeguard your computer and your information. The specific actions will change as the threat changes, but one thing is constant: you need to know that when you connect to the Internet, you are connected to the whole world -- the good, and the bad.


Email Address

I created a new email address for questions: AskUncleMark @ gmail.com

If you have questions about technology, the Internet, computers, or whatever, please email me.