Thursday, 31 May, 2001
Steve Gibson, creator of SpinRite, ShieldsUP, and a number of other tools over the last 15 years, suffered a Distributed Denial of Service (DDoS) attack on his web site (http://grc.com) over the first part of this month. The script kiddies fooled with the wrong guy. Steve is nothing if not a very accomplished hacker, and he put his considerable skill to good use tracking down the perpetrators of this attack and figuring out how they did it. His detailed report of the attack and its aftermath makes for very interesting reading. It's a very long article, but well worth the time.
The attack on the grc.com web site was performed by 474 computers that had been previously compromised and were running a "bot" that takes commands from a central server. The person responsible for the bots just had to give the command, and the bots started flooding grc.com with millions of TCP packets. This type of attack doesn't attempt to compromise the victim's computer or data--it just floods the site with so much data that legitimate requests can't get through. This type of attack is made possible by the structure of the Internet and the protocols used to communicate.
One of the most important statements that Steve makes (at the end of his article) is:
The days of an Internet based upon mutual trust among interconnected networks has passed. The Internet's fundamental infrastructure MUST BE SECURED before the Net becomes further threatened by increasing levels of malicious attacks.
I couldn't agree more. This is fundamentally the same issue as the spam (unsolicited commercial email) problem, and will require much the same solution. I'm convinced that it will cost anonymity, which is no big deal to me but will likely get some people all in a lather.
Wednesday, 30 May, 2001
In his web diary entry for May 26, my good friend Jeff Duntemann points out something that I either conveniently forgot or never really knew: Vigorous exercise increases your appetite, whereas moderate exercise reduces your appetite. Read Jeff's diary entry for the details.
This explains my limited success so far in attaining my goal of losing one pound per week. I've been steadily increasing my cycling speed; staying aerobic most of the time, but really pushing my body because I want to get faster. I vary my workouts to some extent, but for the most part when I'm done with a ride my legs are rubber and I'm ready to collapse. I've been working too hard, punishing my body (see my May 20 entry), and not achieving my primary goal, which is to lose some weight. Sure, I'm somewhat faster than I was two months ago, but not appreciably healthier. I'm working on a total rewrite of my training plan.
Tuesday, 29 May, 2001
Friday, 25 May, 2001
My brother sent me a note today about my May 17 entry. "I think I've been in Arkansas too long," he says. "When you mentioned enjoying wildlife in the area I did a double take on the word opossum. Then my brain said that IS the correct name. I've been referring to them and hearing them referred to as 'possums so long I'd forgotten that the name actually starts with an 'o'." I remember that when I typed the word "opossum," I half expected the spell checker to complain at me. Maybe I've been in Texas too long.
My brother also reminded me that an armadillo is nothing but a 'possum on a half shell.
I used to joke that armadillos don't really exist. The only armadillos I'd ever seen until about 2 years ago were either stuffed, or splattered on the road. I thought maybe they were props strategically placed on the road by the Texas Department of Public Safety for the tourists. "See, we have armadillos in Texas." But then I actually saw a couple of live ones when I was on a night mountain bike ride, so I can't believe the conspiracy theory anymore.
Tuesday, 22 May, 2001
Monday, 21 May, 2001
We got a good taste of Central Texas weather last night. A huge thunderstorm came out of the northwest about 9:30, carrying baseball sized hail, 60 MPH winds, heavy rain, and some reported funnel clouds (although thankfully no tornadoes touched down). We were fortunate enough not to get any of the big hail, but we got plenty of rain and the wind did some damage. It tore shingles from the house, the garage, and the pool house, scattered debris all over the yard, and tore a foot-thick limb from one of our oak trees. That broken branch made up about a third of the tree's upper canopy. The image at the left shows the tree from the front, where you can see the hole that's left in the tree's canopy. The image on the right is from the back, where you get a better idea of the size of the limb.
All told, we were fortunate. At least a half dozen large trees in the neighborhood simply fell over in the wind. That's not surprising, as the bedrock in some places is just a few feet under the soil. Most trees can't sink a tap root in this ground. Instead, many small shallow roots spread out over a large area. It's stable enough in normal conditions, but sustained 60 MPH winds with higher gusts will rip a tree right out of the ground. One of our neighbors had to start the chainsaw at 6:30 this morning to clear a path out of his driveway. I, too, got to start the chainsaw (as I'm fond of saying, "any day you get to start the chainsaw is a good day"). The larger pieces are now a pile of firewood, and the smaller limbs are ready for the mulcher.
Sunday, 20 May, 2001
Saturday, 19 May, 2001
Friday, 18 May, 2001
Book of the week (last 2 weeks, I guess--I've had little time for serious reading) is Forces of Habit, Drugs and the Making of the Modern World by David T. Courtwright. In it, the author gives a short history of psychoactive substances in society, and offers explanations of why some (alcohol, tobacco, caffeine) became largely accepted and others (marijuana, cocaine, and opiates) have become controlled substances. This book is especially interesting in light of what I learned from reading Guns, Germs, and Steel (see my March 29 entry).
I found the chapters on governments' drug addictions especially enlightening. Governments have a very difficult time with drugs. People like psychoactive substances (our national addictions to caffeine and sugar, for example), and get very upset when their access to these drugs is restricted. Governments also obtain considerable income from licit drug trade. Balancing the social damage (health costs and lost productivity) due to drugs with citizens' happiness and government revenue obtained from licit drug trade is a very tricky thing; witness our own experiment with Prohibition in the 1920's, Russia's attempt to curtail the vodka industry in the 1980's, and China's attempt to stop the opium trade in the 1920's.
My only complaint with the book (and it's relatively minor) is that the author is pretty heavy handed in criticizing the tobacco industry. I'll grant that the tobacco industry is hardly blameless (there are plenty of well-supported anecdotes in the book), but their tactics are no less deplorable than those of alcohol, cocaine, or opium industries both past and present. I would have preferred a more even handed approach--more exposure of all the industries.
Thursday, 17 May, 2001
It's fawning season (or is that calving season?) for the neighborhood deer. Last week my neighbor came home to find a doe with a new fawn in his yard. He got some video footage of the fawn's first steps. A couple of days later I scared a very young fawn with the lawn mower. This morning on the way to work, I saw a doe and new fawn in my other neighbor's yard, and let Debra know. She went over with the camera and got the picture to the left. Debra actually found two fawns. One was either stillborn or died shortly after birth (the one in the picture is the live one). Twins? Probably, as multiple births aren't uncommon with our neighborhood deer.
The deer are a mixed blessing. I like having wildlife in the neighborhood (we also have opossums, raccoons, armadillo, snakes, lizards, tarantulas, and roadrunners), but the deer eat most ornamental plants, and almost all of the food plants. Some of our neighbors set out deer corn for them, which I find obnoxious. Fortunately, nobody does that for long--feeding a herd of 25 deer can get rather expensive.
Wednesday, 16 May, 2001
Hybrid cars aren't really new, but they've just recently become available to the general public. Honda and Toyota have production models that you can order, and Chrysler and Ford have concept cars that are in various stages of pre-production.
The idea behind a hybrid car is very simple. A gasoline powered engine charges batteries that in turn are used to power the electric motor that actually propels the car. You can find a more detailed explanation here. (The HowStuffWorks site, by the way, is a fantastic place. If you ever wonder how anything works, look there first.) Hybrid cars use a number of techniques to operate more efficiently than traditional cars: lighter materials, more aerodynamic shapes, kinetic energy recovery (energy recovered from braking goes back into the batteries), and turning off the engine when it's not needed. The cars are viable transportation, and prices, though still higher than for traditional cars, are within striking distance. The Honda and Toyota models, for example, both list for about $20,000. They still burn fossil fuels, so they're less than ideal, but they're a step in the right direction. It'll be a few years before I need to buy another car. You can bet I'll keep my eye on developments in this area.
Tuesday, 15 May, 2001
So there's a bill in Congress that restricts unsolicited commercial email (UCE, or spam to the rest of us), and prescribes punishments for spammers. I'm less than excited about the bill for a number reasons. First because I have a mistrust of government regulation in general, and second because this particular bill has almost no teeth. My biggest objection, though, is that spam is something that the Internet community should be able to control without legislative intervention.
SMTP is a totally open protocol that lets anybody send mail to anybody else, with very few restrictions. There is little (if anything) done on the part of SMTP servers to verify that the sender is indeed who he claims to be. It's trivial to change the ReplyTo and ReturnPath fields in an SMTP header, and only slightly more difficult to supply a bogus address in the IP header. It's like telephone before Caller ID became available. And that's the root of the problem. If there was some way to guarantee the sender's identity, then spam would dry up because we'd just block all mail from known spammers.
How to do it? First, get people who operate SMTP servers to agree on a certification agency similar to the Verisign system. Each server obtains a digital certificate that it must present in order to send mail to another server on the network. In order to obtain a certificate, the applicant must agree not to originate spam or allow spam to be forwarded through the server. Most publicly accessible SMTP servers already prevent anonymous forwarding, and most ISPs require dedicated connections or user ID and password logins, so this wouldn't be a huge burden. Note also that this doesn't prevent people from using standard old SMTP if they want--they just won't be able to send mail to "certified" servers.
There's no technical reason why this system can't be put in place starting today. We'd get resistance from anonymity advocates who want the ability to send anonymous messages, but they have to make a choice: spam or anonymity. I'd prefer this to a legislative solution. The Internet community has to show that it is capable of policing itself, and controlling spam would be a perfect opportunity. If we require legislative assistance to control spam, we're showing that we are unable to police ourselves and inviting further and more intrusive legislation over the entire Internet.
Monday, 14 May, 2001
Sunday, 13 May, 2001
My sister Marilyn saw my May 2 entry about trying to lose some weight, and sent me an article from the June issue of Good Housekeeping magazine in which the author interviews Dr. George L. Blackburn from Harvard Medical School. In the article, Dr. Blackburn recommends cutting 75 calories a day, and burning an additional 75 calories through exercise. Done faithfully, you'll lose about 15 pounds in a year. It's not drastic weight loss, to be sure, but it's realistic and achievable, and you're more likely to keep the weight off once you've reached your target. As the doctor says, "If fast weight loss has failed you, why not consider this?" I'll second that.
In case you're wondering, the method described in the article relies on the same math that I used to figure my "one pound per week" weight loss program: 3,500 calories burned (or not taken in) for each pound of weight loss. It takes about 23 days at 150 calories per day (75 calorie intake reduction plus 75 calorie increased exercise) to make up 3,500 calories. There are 15 (actually about 15.8) 23-day periods in a year.
Saturday, 12 May, 2001
Every year my employer (Catapult Systems) takes all of the employees and their families on a day trip to an amusement park. The company rents busses to haul us there, pays our entry, and supplies lunch at the park. The last two years we went to Fiesta Texas in San Antonio. This year (today), we went to Sea World in San Antonio. The park is always fun, but I especially like the bus trip down and back. We usually put a movie in the VCR (these busses have ceiling-mounted TV monitors above some seats) and have a good time making fun of the actors. Last year is was National Lampoon's Vacation, and Ferris Bueller's Day Off. This year somebody rented Point Break, which provided many opportunities for Keanu Reeves to show why nobody thinks he's a serious actor.
There is a lot to see at Sea World. Debra and I saw the killer whales show (don't miss this one), a "Fools with Tools" skit starring two sea lions and an otter (dull except for the otter), and a stunt show starring dogs, cats, a pig, pigeons, and some ducks. The cats and dogs show was pretty tame, although I was amazed by the things they had the cats doing. We can barely get our cat to come in at night. I'll never again believe that you can't train a cat.
There are things to see besides the shows, too. There's an aquarium with many types of fishes, a shark aquarium, a penguin exhibit, a dolphin pond where you can feed and pet the animals, and assorted other things. There are some rides, too. Debra and I tried out the Steel Eel and Great White roller coasters--definitely worth riding. The park is owned by Anheuser-Busch (makers of Budweiser, Michelob, etc.). One area of the park contains a stables housing the Budweiser Clydesdales, and a "beer school" that has some historical information on the company and a class that discusses how beer is made. Not that I needed any help in that particular department...
All in all it was a very enjoyable day.
Friday, 11 May, 2001
You'd think there'd be a standard user interface for DVD movie menus. It's close: all of the movies I've seen so far have a menu that you can operate with the arrow keys and the Enter key on the remote, but the behavior of the menus is somewhat erratic. In general, you use the arrow keys to highlight the desired menu item, and you press the Enter key to go to that section of the DVD. Except sometimes hitting the right or left arrow will take you to the previous or next page. Sometimes. Other times the left and right arrows act like the up and down arrows, or they're used to move between the left and right columns of entries. It's all a bit frustrating when I'm sitting on the couch in the dark trying to navigate the darned menu. Do I hit Enter or not? If I move to an "automatic select" option and then press Enter, I end up selecting the default action on the page that was the target of the automatic option. Some DVDs aren't even consistent within themselves. Couldn't DVD producers have agreed on a common standard?
DVD menus are minor, true, and the consequences of hitting the wrong button aren't anything like what would happen if somebody swapped the clutch and brake pedals in my car. Still, I think people would be much more comfortable with technology if things of the same type worked the same way.
Thursday, 10 May, 2001
I've always had something of a feel for numbers, and the ability to quickly determine at least the magnitude of a calculation and one or two significant digits. This skill is something I learned and cultivated when I was younger, and I find that it slowly deteriorates if I don't use it often. I realize that not everybody shares my interest in numbers, but I don't understand many peoples' complete disinterest and total inability to perform even the simplest calculations beyond simple addition, subtraction, and multiplication. Division is "hard," so they don't know how or when to use it.
Examples are just too numerous to list. Ask 100 people on the streets if a million is less than, a little more than, or a lot more than a thousand. Or ask about the relationship between a million and a billion. The answers are truly amazing. Or ask for a quick estimate of the number of minutes in a day. Better yet, tell somebody that there are 10,000 minutes in a day and see if they blink.
These are just simple examples of innumeracy. The innumeracy web site addresses these and other problems with a focus on helping people to develop not only their numerical skills, but also critical thinking skills. The site is chock-full of very interesting reading.
Wednesday, 09 May, 2001
If you haven't seen The Thin Red Line yet, cross it off your list. From the previews, I was expecting a war movie on par with Saving Private Ryan. You know, lots of battle action and edge-of-the-seat stuff. Instead, it's a 3-hour yawn fest filled with pseudo-philosophical mumbling about the evils of war. Long lingering shots of soldiers drawing their last breaths while the main character looks on and mumbles some bullshit about eternity. Even the caricatures are poorly done: John Travolta's General is made of cardboard, Nick Nolte's ambitious Lieutenant Colonel is too self-centered and ambitious, Woody Harrelson's Sergeant is just dumb, and Sean Penn's First Sergeant is, well, bad even for Sean Penn. Perhaps the most disturbing thing is the notion that these were not supposed to be caricatures.
The movie suffers from a very bad case of trying to take itself seriously. Gah. And I thought My Dog Skip was bad.
The movie is based on James Jones' book of the same name, written in 1962. By all accounts, the book is excellent, although whenever I read reviews that say things like "This is more than a classic of combat fiction; it is one of the most significant explorations of male identity in American literature, establishing Jones as a novelist of the caliber of Herman Melville and Stephen Crane," I shy away. In my experience, critics like novels that are written for their rarefied tastes, most of which I don't share. In any case, the movie certainly didn't come across as a "significant exploration" of anything, least of all "male identity."
While I'm ranting...What is it with movies that spend millions of dollars on special effects in order to achieve "realism," but then totally forget about simple things like regulation haircuts? Here we are supposed to be in WWII, and most of the characters' hair would have qualified them as hippies to most of rural America in the 1970's. What's the deal? Do actors demand more money if they have to get their hair cut? Excuse me, Mr. Director (or producer, or casting agent, or whoever is in charge of this), but if you want to engage me in your fantasy, please make the simple things resemble reality. Otherwise I'm not going to swallow whatever other crap you're trying to shove down my throat.
Tuesday, 08 May, 2001
Much talk lately of President Bush's proposed tax cut. $1.6 trillion, $1.3 trillion, whatever. The numbers are big enough to be almost incomprehensible. The discussion has ranged all over the map, from "cutting necessary programs" to "a giveaway for the rich" and "a boost for the economy." You see alternatives every day, and reasons why the alternatives either won't work or are a bad idea. Every special interest group has an axe to grind, and few people step back and look at the situation objectively.
The most important thing to note is that the surplus everybody talks about doesn't exist. It's not like the Treasury department is sitting on a trillion dollars that it doesn't know how to spend. On the contrary, the Treasury is sitting on a debt of over five trillion dollars that it doesn't know how to pay off, but I'm getting ahead of myself. This tax cut is based on a projected surplus of some two trillion dollars over the next ten years, and is conditional on revenues actually meeting expectations (among other things). Even if Congress passes it--which seems likely at this point--I won't hold my breath waiting for an actual decrease in my income tax.
What surprises me more than anything else is the whole debate about what to do with a surplus. Let's see, we're five trillion dollars in the hole? Interest payments alone are costing us $350 billion per year, or close to 20% of the annual federal budget. Given a population of about 290 million, that's about $1,200 per person per year. The most effective use of any surplus would be to pay off that debt. In less than 40 years, we could lower taxes and have $350 billion more for our Congressmen to squander on pork barrel projects and stupid social programs.
I know, the idea smacks of fiscal responsibility, so the thought is anathema in Washington. Oh well.
Monday, 07 May, 2001
For years I've wondered about the possibility of using the human body as a source of electricity. We're continually carrying more electronic junk with us--watch, calculator, cell phone, PDA, GPS--and we're forever having to recharge or replace the batteries. Why? Shouldn't it be possible to use our own bodies as the power source, if not directly to power the devices, at least to recharge the batteries? I'm serious about this. You can get half a volt from a potato battery without even trying. I would expect that you could get more with better metal choices and a human body. A minor surgical procedure would implant slots where we could insert an anode and a cathode of the proper metals, and also a socket or two so you could plug things in. Yes, I realize that the anode material would end up in my blood, which is probably a bad thing, but you would think that we could find a way to eliminate that problem. Heck, it could even be fashionable. It would certainly be more practical than tattoos and body piercing.
Every time I mention this idea, I get that look, which means I'm either on to something or I really am a total nutball.
Sunday, 06 May, 2001
Sure enough, I got a minimal Linux system installed (after backing up my critical data) just in time to delete and reinstall a full system. My work on the Kylix book isn't entirely finished--we have to get the source code ready to post on the book's web site. Sure, I could manually install the X Window system and all of the required stuff, but I'm not ready to tackle that one yet. So repartition and reinstall SuSE 7.0.
My minimal Linux experiment will have to wait a while. Perhaps I'll find some desk space for my old 486 box, and install Linux there.
Saturday, 05 May, 2001
In addition to the vegetable garden, Debra planted an herb garden (in pots) just outside the back door where she can get to it quickly from the kitchen. The herb garden contains house leek, lime thyme, parsley, lavender, rosemary, lemon grass, lemon balm, catnip, curry plant, Mexican mint marigold, chamomile, chives, and amaranth. She also planted some ancho peppers in the herb garden because we didn't have space for them in the vegetable garden. I don't know much about the herbs--that's Debra's department. The only one I use is rosemary, which adds a distinctive flavor to grilled chicken or beef.
Friday, 04 May, 2001
Debra and I got the garden in a couple of weeks ago, and things are growing nicely. The garden beds shown are simple 4' by 8' boxes that I put together with 2"x12" lumber. The covers are just deer netting over 1/2" PVC pipe. The PVC hoops fit into pieces of 3/4" PVC that are attached to the sides of the boxes. Anchoring the deer netting is no problem, and it's stayed in place during some recent 30+ MPH winds. When we stepped back to look at the finished garden, we both thought we should have included another box. If we get ambitious this winter we'll empty the existing boxes, move them closer together, and add a new one.
Debra planted radishes, carrots, peas, cucumbers, several varieties of tomatoes and peppers (including habañero, picture at right), and several varieties of basil. The radishes are up and ready to eat. Yum! I'm ambivalent about the tomatoes, but am anxiously awaiting the cucumbers, peas, carrots, and peppers.
Thursday, 03 May, 2001
I've scaled down my Linux experiment just a bit (see April 30). Before I try installing from a downloaded image, I figured I'd better get a bit more experience with Linux so I'm not totally lost at the beginning. So I'm installing a minimum system from my SuSE 7.0 package. This will give me the kernel, all the utilities, and the tools I need to compile programs. From there I'll download, build, and install everything else that I need. That's the theory, at least.
There's a surprising lack of information on how exactly to create a minimal Linux system without getting a "distribution." The linux.org site has some good information on selecting and installing a distribution, and a comprehensive list of available distributions, but nothing on creating an absolute minimal Linux system. At least, I couldn't find it. Perhaps the way to go is to grab one of the systems that's described as very small (ZipHam, for example) and build from there. I'll probably try that next, after I've played around with my minimal SuSE distribution for a while.
Wednesday, 02 May, 2001
I put almost 600 miles on my bike in April, easily the most I've ever done in a single month. My longest ride over that period was the 62 mile Ride for the Roses on April 8, which was my first ride of the month. I'm slowly getting used to spending long periods of time in the saddle in preparation for an upcoming major distance effort.
In addition to time in the saddle, I'm determined this time to lose between 15 and 20 pounds, and keep it off. At 180 pounds, my Body Mass Index of 26.7 puts me in the "overweight high risk" category. My target of 165 would put me right at the high end of the "low risk" category. With my family history of heart disease, I need all the help I can get. Also, I wouldn't mind having 15 or 20 fewer pounds to haul up the hills. I was well on my way to losing the weight last fall, but then stopped riding for a couple of months and put it back on.
To lose a pound of fat, you have to burn about 3,500 more calories than you take in. Either you reduce your intake, increase your exercise, or both. If you shave 500 calories a day, you'll lose a pound a week. Considering that I typically drink three or more cans of Coca Cola (at 140 calories each) a day, all I have to do is kick that habit and I'm almost there. Combined with my increased cycling, that should put me at my target weight of 165 pounds by August 1.
Tuesday, 01 May, 2001
I got a flat this morning, about 10 minutes into my ride to work. As I was putting the new tube into the tire, my riding partner suggested that I take a better look at my tire, because the hole in the old tube was in the same relative spot as a previous patch. Closer inspection of the tire revealed a fairly nice sized hole in the tire--big enough that the tube under pressure could get pinched, which is what caused the flat. Just as I was getting ready to walk home (no way I was going to put a new tube in the tire), I remembered a trick one of my mountain biking friends told me about. A dollar bill folded in half once or twice makes an excellent temporary tire patch. Put the dollar bill over the hole, insert the tube, add air, and go. It's supposed to be temporary--just to get you home--but I figured what the heck and rode to work. I also rode home with it. I've considered leaving it there, but that's just asking for trouble. I'll have to replace the tire.
A better (and less expensive) temporary patch is Tyvek. Find an old diskette sleeve or FedEx envelope, cut off a piece about the size of a dollar bill, and put it in your seat bag or backpack. It weighs almost nothing, is stronger than the dollar bill, and it'll save you from a very long walk, especially if you're way back in the woods on your mountain bike when you damage your tire.