A Day Late

Yes, I said HATE! I guess I could’ve made it more broad by saying I hate windows in general, but I really have a dislike for 98 in particular. I spent yesterday evening trying to setup a wireless network for someone. It was going smoothly until I went to install the PCMCIA card in a laptop with Windows 98. With experience from the past, I know all you can do is cross your fingers and hope the drivers install correctly AND work. More often than not they won’t and this time they didn’t. The install program would freeze at the end of the installation and no matter how many things I tried I couldn’t seem to get around it. I still haven’t given up on it, but recommended upgrading to 2000 or XP. Not a perfect solution, but I’m sure it’ll work.

I was a little surprised when I read an article this morning, to find Kevin Mitnick, one of the most well known hackers (or ex-hacker I should say), is running Windows and IIS on his servers for his startup security company, Defensive Thinking. Hmm…IIS and Defensive Thinking. Now that’s an oxymoron if I’ve ever heard one. I guess not being able to touch a computer during his incarceration and probation did more damage than I thought.

My Professor from last semester, Phil Windley, was featured in a local newspaper article about Wi-Fi security. It describes the wireless antenna he built out of a pringles can back in December, which he mentions here. He also commented on the article.

I didn’t find the article as interesting as I did the comments made about the article. Most people seemed to think the article would promote attacks on wireless networks. I’d argue that anyone capable of attacking a wireless network wouldn’t find anything in the article they didn’t already know. I think it was meant to make people aware that the neighbor kid next door is capable of snooping their insecure wireless lan, more than anything. If so, despite the authors lack of complete understanding of the technology, I think it served its purpose.

One person suggested solving the problem by enabling “WEP,” implying it was 100% secure. That was about all I could take so I decided to throw my two cents in.

As for myself, I admit to having a wireless LAN setup in my apartment and I have to say I love it. I love the freedom of being able to work on my laptop anywhere I want. I enabled WEP to keep away the casual leeches but I’m not under the impression it provides me with any security. I look at it this way. If someone wants to sniff my network traffic, fine. Any information I want private is encrypted and I’ve taken the time to make sure I don’t have any “open” network shares. So, for now, that’s good enough for me.

I’m anxious to build my own wireless antenna and sit in the courtyard of my apartment complex just to see what I can pick up. Actually, I’m right against the mountain so maybe taking a slight hike to get a better perspective on the valley would prove to be an interesting experiment. This probably won’t happen until after the semester is over though. Well, who am I kidding, I’ll probably end up doing it in the next week or two (priorities!!).

I read something earlier (can’t find the link now) that indicated the SQL Slammer worm’s effect on Europe wasn’t as widespread as it was in other parts of the world. It would be interesting to see what the Windows Server market share is in Europe compared to other places around the globe.

I also read this:

…The flaw was known and the patch was readily available so there are no excuses for the victims.

What exactly do they mean by victims? I’m assuming it’s directed at System Admins, but in seems like they weren’t the only victims. In my opinion the guy that couldn’t use the ATM was a victim. I was a victim in the sense that no one could access my linux servers because my ISP was out of service due to all the garbage coming from the MSSQL servers. Neither myself nor the guy at the ATM had anyway of preventing this from affecting us, which is what the quote seems to imply.

I’m also a little miffed at the implication that this was solely the result of System Administrators (notice the quote came from a Microsoft affiliated organization). As a Sys Admin myself I’m perfectly willing to accept it’s our responsibility to keep systems patched and up to date. Considering the patch has been published for 6 months I’ll agree, most of the blame should rest with lazy Sys Admins, under staffed IT departments, etc, but I don’t think that completely absolves Microsoft from providing systems that aren’t riddled with security holes. keep in mind the last major internet attacks (SQL Slammer and Code Red, Nimda) were results of Microsoft security flaws.

I had to go into work on a Saturday because of this stupid thing. So much for sleeping in. I’m not sure who I’m more displeased with, the person that wrote the worm or the developer(s) at microsoft that created the vulnerability.

I’ve been monitoring a discussion on the email list for the campus unix users group I belong to about how it’s innapropriate to include html in email messages. I think some people are a little over zealous about the whole issue. Yes, I understand a lot of people use pine and other such mail programs to read their email, and emails sent in html appear awful. Some of those mentioned have threatened that they “will not read any email with html in it and will delete it out right.” Hmm…well, ok, fine with me. In my opinion if anyone is losing by not reading the emails it’s them. I think it’s a little egotistical for them to think it’s the other way around. I guess it’s kind of pointless for me to complain about since I always send my mail in plaintext, but it’s some of the comments of those involved (on both sides) that irritate me. Esspecially when I have 30 new emails from people arguing (some emphatically) about stuff like this.

Lists are full of pointless arguments like these. There’s the people that argue vi over emacs, gnome over kde, and the list goes on and on. These arguments are so juvenile and pointless. Stating you prefer one over the other is fine, but when you take it to the point of insisting that your way is better is just ridiculous. Why some people can’t understand people ARE DIFFERENT and have different likes and dislikes I’ll never understand. Hell, if I had it my way there wouldn’t be AOLin the world, but I recognize that some people like it. I don’t understand it, but I accept it and throw away the 5 CD’s I receive each week, that’s life.

Related with these arguments you find a few people, who it seems, are hell bent on living in the past. They continue to use their preferred program or whatever they’ve used for the past 20 years, becuase it’s simple, it gets the job done and it’s what they’re comfortable with. I think that’s perfectly fine until inhibits progress. For instance, today you can find some of these people programming in languages that no one’s heard of on outdated systems (does the word “legacy” come to mind?). Sure they may work, but chances are functionality is limited and no end user wants to use the interface for them. With the dramatic increase of web and distributed applications, not learning current languages like Java, C++, Perl and others is essentially putting a not too distant expiration date on your marketability.
(more…)

Looking over my log files for the past few weeks I noticed quite a few error messages like the following:

Jan 4 17:22:15 COMPUTERNAME kernel: eth0: Transmit error, Tx status register 82.
Jan 4 17:22:15 COMPUTERNAME kernel: Probably a duplex mismatch. See Documentation/networking/vortex.txt
Jan 4 17:22:15 COMPUTERNAME kernel: Flags; bus-master 1, dirty 63257(9) current 63257(9)
Jan 4 17:22:15 COMPUTERNAME kernel: Transmit list 00000000 vs. f7817440.
Jan 4 17:22:15 COMPUTERNAME kernel: 0: @f7817200 length 80000036 status 00010036
Jan 4 17:22:15 COMPUTERNAME kernel: 1: @f7817240 length 800005ea status 000105ea
Jan 4 17:22:15 COMPUTERNAME kernel: 2: @f7817280 length 800005ea status 000105ea
Jan 4 17:22:15 COMPUTERNAME kernel: 3: @f78172c0 length 800005ea status 000105ea
Jan 4 17:22:15 COMPUTERNAME kernel: 4: @f7817300 length 800005ea status 000105ea
Jan 4 17:22:15 COMPUTERNAME kernel: 5: @f7817340 length 800005ea status 000105ea
Jan 4 17:22:15 COMPUTERNAME kernel: 6: @f7817380 length 800005ea status 000105ea
Jan 4 17:22:15 COMPUTERNAME kernel: 7: @f78173c0 length 800005ea status 000105ea
Jan 4 17:22:15 COMPUTERNAME kernel: 8: @f7817400 length 800005ea status 800105ea
Jan 4 17:22:15 COMPUTERNAME kernel: 9: @f7817440 length 80000036 status 00010036
Jan 4 17:22:15 COMPUTERNAME kernel: 10: @f7817480 length 80000036 status 00010036
Jan 4 17:22:15 COMPUTERNAME kernel: 11: @f78174c0 length 800005ea status 000105ea
Jan 4 17:22:15 COMPUTERNAME kernel: 12: @f7817500 length 80000036 status 00010036
Jan 4 17:22:15 COMPUTERNAME kernel: 13: @f7817540 length 80000036 status 00010036
Jan 4 17:22:15 COMPUTERNAME kernel: 14: @f7817580 length 800005ea status 000105ea
Jan 4 17:22:15 COMPUTERNAME kernel: 15: @f78175c0 length 80000036 status 00010036

From what I came across it sounded like it was a problem with duplexing, either with my server or another system on the same hub. I wasn’t really convinced this was the problem. Finally I cam across a message that inicated it could be a problem with the network cable (particularly if you make your own, which I do). So, Saturday night I decided to break down and re-crimp both ends of the cable. This time I was extra cautious to follow the wiring diagram completely, keep my stripped covering at a minimum and get a good crimp on them. I plugged it back in and ever since, no error messages. Problem solved as far as I’m concerned.

One thing that did concern me. I used that same cable on a computer with windows 2000 for a year or two and never got any indication anything was wrong with the cable. From what I understand about the error it can be particularly nasty, because it can cause undetected data corruption. Soooo…for the year or two I used it on the Windows 2000 machine undetected data corruption could have been taking place, yet I wasn’t warned about it. Hmmm…that’s comforting to know.