How To Subscribe and Unsubscribe is at the end of this note.
Mailing List Trouble? See http://www.langa.com/help.txt
Want an easier-to read formatted HTML version? See http://www.langa.com/whats_new.htm

Please email the LangaList to a friend! (Use this super-fast form!)

The LangaList

In This Issue:
Do You Smell Smoke?
BrowserTune 2000 Update
The Worst PC Idea Ever?
Special Tip> More On Cookie Coughing! <Special Tip
Worm Alert!
New Rules in the Domain-Name Game
The More the Merrier
A BackOffice "Doh!" Bug
Just For Grins
More!

Is That Smoke In The Air?

Nope---it's just my schedule going down in flames. My month of jury duty continues (see the "Just for Grins" section of  this note). And while it's been interesting, it's been a significant burden and I'm running way behind in my normal workload.

I've been using weekends to try to catch up on what's normally my weekday job. Alas, I normally write this newsletter on Sundays....

So, for the rest of February, I may have to postpone or skip an issue or two of the LangaLetter until things return to normal. (My term of jury duty ends on Feb 26th.) So if you don't get an issue or two, don't worry: I'll be back in the saddle as soon as I can.

BrowserTune2000 Update

I spent almost very non-empanelled hour this last week on the BT2K demo, and the basic plumbing is now working fine. However, the presentation of the information--the formatting and page sequencing---is still (ahem) primitive. I know how I want it to appear, but some JavaScripts quirks impose limits on what I can do, and I simply haven't had time to work it all out.

(You may recall that many portions of BT2K use JavaScript to provide full automated testing: Small JavaScripts start and stop the test, determining the run-order of the tests, perform any necessary calculations for you, and even keep score. So, having decided on JavaScript as a core part of BT2K, I now have to live with the consequences. 8-)  )

I can't say exactly when the demo will appear---the court schedule and my jury duty is a wildcard I can't control. I thank you for your patience, and apologize for the delay.

As soon as it is available, I'll post a notice in the LangaLetter, and I'll also post notes on the HotSpots page (http://www.browsertune.com/flanga/hotspots.htm) and the BrowserTune98 (http://www.browsertune.com/bt98/ ). Stop by regularly!

return to top of page

A Nice Addition to Cookie-Coughing

Last week, I told you how typing

javascript:alert("Cookie is: " + document.cookie)

in your browser's address or location bar will make the browser cough up all the information any site you're visiting has collected in a Cookie about you.

Reader Lloyd Folden (laf@planet.eon.net) took that a step further. He writes:

Hi! I really enjoy your newsletter. Informative and yet very enjoyable to read.

In your recent newsletter you mentioned a JavaScript to display a cookies contents. I thought that this would be handy to have around and developed the files necessary to have it in the general menu(right-click) in IE4. The first file is the HTML, I call it cookiealert.htm. This goes in the Web folder. The second is cookiealert.reg, which modifies the Registry to make the menu addition.

Cookiealert.htm:
------------------------

<HTML>
<SCRIPT LANGUAGE="JavaScript" defer>
alert("Cookie is: " + external.menuArguments.document.cookie);
</SCRIPT>
</HTML>

cookiealert.reg:

----------------------

REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Cookie Alert]
@="C:\\WINDOWS\\WEB\\cookiealert.htm"
"contexts"=hex:01

I hope you find these useful.

Thanks, Lloyd! While this gives right-click access to current cookies from within IE, it won't work for Communicator/Navigator. Normally, I'd try to gin up a version for Netscape on my own, but I'm just too swamped now. Perhaps another reader can share a Netscape-specific hack with us. 8-)

return to top of page

The More the Merrier

ThankyouThankyouThankyouThankyouThankyouThankyou. 8-)

Hundreds and hundreds of you continue to recommend this newsletter to your friends via the easy-to-use, 60-second recommendation form at http://www.langa.com/recommend.htm#2.

Please don't stop! 8-) It's great to see the subscriber rolls grow! And there's always room for more readers! If you could take just literally one minute and recommend the LangaList to just one friend, I'd really appreciate it.

Thanks!

return to top of page

New Rules In The Domain Name Game

If you or your company own a web site, you should know that just last week, the quasi-governmental "Internet Corporation for Assigned Names and Numbers" moved closer to changing forever the ways that domain names are assigned.  

Domain names, of course, are the .Com, .Org, .Edu, and other suffixes used to distinguish different types and nationalities of web sites from one another.

Until now a US company has held what amounts to a sanctioned monopoly on the business of assigning these names: Network Solutions of Herndon, VA maintains the master databases that map Internet names to their real, numeric IP addresses.

Last year, the Clinton Administration authorized a nonprofit body to "to take over responsibility for the IP address space allocation, protocol parameter assignment, domain name system management, and root server system management functions now performed under U.S. Government contract."

The nonprofit body is called the Internet Corporation for Assigned Names and Numbers (ICANN), and it's starting to move into high gear. About 10 days ago, it issued "Draft Guidelines for Accreditation of Internet Domain Name Registrars" and it's now soliciting public comment until March 3,1999; on March 4th, the ICANN board will vote on the Guidelines, and any public comments they decide to consider.

Ultimately, the ICANN guidelines may affect who is able to act as a domain name registrar; how disputes will be resolved between companies with competing claims to the same domain name; what new domain names are allowed (.Firm, .Info, .Nom, .Web, etc.) and much more.

Clearly, this is a Big Deal: It affects every business and person with a web site. And it puts ICANN in a position of incredible power: ICANN will determine who can and cannot act as a registrar. It will decide numerous technical issues involving the generation and propagation of new domains and names. And it will define policy issues that can affect everything from the fees we'll pay for domain registration to privacy rights in the registration databases.

But curiously, there hasn't been a lot of press about this. For an issue affecting tens of millions of people, the silence is curious---and disturbing.

In my InformationWeek Online column this week, I'll provide lots more information, including access to the draft Guidelines themselves and other background reports to help put this issue in context. Check it out, and then ask yourself a few questions: Does the concentration of so much authority in a non-governmental body alarm or reassure you? Do you think the new domain name plan will lead to lower prices and better security---or increasing chaos and contention? Join in the discussion starting Wednesday midday (EST; UT-5) at http://www.informationweek.com/langaletter.

return to top of page

The Worst PC Idea Ever?

Several years ago in a speech I gave to the Washington Software Association, I joked that someone---I thought it would be AOL---eventually would start giving away free PCs. The catch, I thought, would be that you'd be locked into AOL---sort of like a TV that's permanently tuned to one station.

Well, that hasn't happened (yet), but something similar's afoot: It's "Free-PC," a startup that made a splash last week with its offer of free Compaq Presarios to the first 10,000 qualified applicants. (See the WinMag news story at http://content.techweb.com/winmag//news/1999/0201/0208b.htm).

Strangely, the Free-PC service raises privacy issues that are of concern to everyone who uses a PC. Let me explain:

They give you a free PC that uses a custom version of Windows 98. It works like this: The monitor runs at 1024x768 resolution. The user area---the part of the screen that you control---is an 800x600 window in the center. This area looks and acts more or less like normal Windows. But the rest of the screen, comprising the top, bottom, and side margins, is controlled by Free-PC and consists mostly of ad banners and ad windows.

The ads are always there. When you go online (you must use Free-PC as your ISP), the ads are updated and new versions of the ads are stored on hard disk in an area you can't access. This update process happens in the background, but of course, this means that part of the meager 33Kbps data stream is consumed by ad update traffic. I have no clue how much bandwidth would actually be available for what the user wants to see, but it can't be much.

If you don't go online enough, or stay on long enough to allow the ads to be updated at the frequency that Free-PC wants them updated, the machine automatically dials out to the Free-PC ad database to get new ads on its own.

But, wait, as they say, there's more: To apply for a Free-PC, you have to tell the company

• who you and your family are, (gender, marital status, ages and birthdates of everyone living in your household)
• full contact information (physical address, email, phone, etc.)
• income
• principal use for the computer
• anticipated volume of use in hours/week
• how many other PCs you have and what kind they are
• what printer(s) you have
• whether you use a PC at work
• what your main interests and hobbies are
• what cars(s) you own or lease
• what other high-tech gear you own (ie cell phones, dvd players, etc.)
• what magazines you subscribe to
• and more

Note that the company gets all this information from everyone who applies---not just the people who will actually get the "free" PCs. I'll bet the Free-PC company is building a database of financial and familial detail that will be the envy of marketeers everywhere--- especially since most of the people supplying this detailed personal information will never see anything in return.

And those, um, lucky souls who are chosen to get the "free" PCs then go under an even finer microscope: Because you must use the Free-PC's ISP service to access the web and your email, Free-PC could build a detailed profile of where you go, what sites you like, and even who you write to, and who writes to you.

Why on earth would anyone give up so much privacy for what amounts to just a shot at a couple hundred dollars worth of hardware that will force-feed you ads and that could track your every move?

What's your take? Am I being too reactionary? Would you take a Free-PC under the terms shown above? Is this a great boon for end-users, or just another way to try to get inside our heads and spending habits? Is it a great way to get PCs into the hands of people who can't afford them, or just an unbelievably devious marketing scheme?

I'll have more detail, more info, and what's sure to be a lively discussion starting midday (UT-5) on Monday Feb 15 1999 at http://content.techweb.com/winmag/. Join In!

return to top of page

A BackOffice "Doh!" Bug

If you or someone in your company is running Microsoft BackOffice, there's a security hole you should know about:

However, the Install program doesn't delete the file, so your account and password information is just sitting there in the file called:

<systemdrive>\Program Files\Microsoft Backoffice\Reboot.ini

This normally isn't an externally accessible location, so it's not quite like leaving the keys in your car door---but it's a silly oversight that is potentially serious.

The short-term fix is simply to delete that file manually after an installation of any of the above Servers.  If you want more information, see http://support.microsoft.com/support/kb/articles/q217/0/04.asp

return to top of page

Worm Alert!

I get a lot of email--- at last count, over 600 per day. Last week, along with the various email contents, four people sent me attachments that contained the "Happy99" worm.

A worm is like a virus in that it hitches a ride with something legitimate---a file or program, usually. In this case, the worm rides along in a file called HAPPY99.EXE. If you run the program, it opens a window entitled "Happy New Year 1999 !!" and shows fireworks. This is a ruse to disguise the worm's other actions.

According to the folks at the Symantec Anti-Virus Research Center:

"The program copies itself as SKA.EXE and extracts a DLL that it carries as SKA.DLL into WINDOWS\SYSTEM directory. It also modifies WSOCK32.DLL in WINDOWS\SYSTEM directory and copies the original WSOCK32.DLL into WSOCK32.SKA.

"WSOCK32.DLL handles internet-connectivity in Windows 95 and 98. The modification to WSOCK32.DLL allows the worm routine to be triggered when a connect or send activity is detected. When such online activity occurs, the modified code loads the worm's SKA.DLL. This SKA.DLL creates a new email or a new article with UUENCODED HAPPY99.EXE inserted into the email or article. It then sends this email or posts this article.

"If WSOCK32.DLL is in use when the worm tries to modify it (i.e. a user is online), the worm adds a registry entry:
   "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce=SKA.EXE

"The registry entry loads the worm the next time Windows start."

So, the worm automatically replicates itself from machine to machine. It doesn't damage any data or corrupt your files, but it does spread itself around--- and some of you are spreading it to me and others. (Accidentally, I'm sure.) 8-)

A good anti-virus app will find copies of Happy99.EXE and flag them for you. Symantec also says you can clean things up manually:

1. delete WINDOWS\SYSTEM\SKA.EXE
2. delete WINDOWS\SYSTEM\SKA.DLL
3. replace WINDOWS\SYSTEM\WSOCK32.DLL with WINDOWS\SYSTEM\WSOCK32.SKA
4. delete the downloaded file, usually named HAPPY99.EXE

Check your system!

return to top of page

Just for Grins(?)

My fellow 12 jurors and I finished our first case last week, and it was interesting---although frustrating.

It was (ahem) a shoplifting case from a local K-Mart. The security guards found a man putting some small items inside a box containing a larger item. They watched him for a while as he first continued to shop and then tried to get a rain check on an out-of-stock item he wanted. They then let him exit the store without having paid for the small items inside the larger box. They stopped him, called the cops, and pressed charges.

The man in question is a well-known county commissioner and town moderator. He's 68 years old. He has diabetes, which has damaged the nerve endings in his fingers and toes: He can't grasp small items (but has no trouble with larger ones).

He went to the store to buy one thing (the larger item) and the smaller ones simply caught his eye: They were an unplanned purchase. As he had only planned to buy one item, he had no shopping cart. Unable to carry all the items loosely, he put the small items into the box of the larger one. He then continued shopping.

He saw a 2-for-1 sneaker sale that included the kind of velcro-closure shoes he needs (because he can't tie laces). He could find only one pair in his size. He went to the checkout and got involved in a lengthy attempt by the clerk to either find a matching second pair or issue a raincheck. In the confusion, he had what might be called a "senior moment" and simply spaced out about the small items inside the larger box.

He paid for everything that the cashier rang up, and left the store. When he was stopped, the security guards asked if he had unpaid items. Our 68-year old Master Thief immediately realized what had happened, and offered to pay, but K-Mart has a zero-tolerance policy for alleged shoplifting.

In K-mart's defense, it's easy to see how it initially looked like shoplifting. Our elderly Master Thief admits, in hindsight, that putting small things inside a larger box was not a bright move. He has no explanation for why he did it other than that he didn't think it was a problem because he intended to pay. Dumb, yes. But if moments of stupidity in themselves were a crime, we'd all be in jail.

In any case, some common sense could have cleared this up at the outset: The diabetes, age and character of the defendant raise huge areas of reasonable doubt. But instead, K-Mart chose to prosecute, and ended up involving six of its own employees, two police officers, a county prosecutor, a judge, a county clerk, a court stenographer, two bailiffs and 13 jurors including me, Fred "Hang 'em High" Langa.

That's a lot of people involved. What items did K-Mart think were worth engaging the justice system to this degree? (Drum roll, please.) It was four drill bits worth a total of---are you ready?--- $19. What a heist! Call the Guinness Book!

I suppose if it had been maybe a $50 "theft" K-Mart would have sought the death penalty. 8-)

It was interesting to see the process at work--- but frustrating that so much was being brought to bear for an offense so tiny and so easily cleared up. In any case, with an area of reasonable doubt big enough to drive a truck though, and with some common sense about justice and proportionality, it didn't take us very long at all to find the defendant not guilty.

One more case to go, as the wheels of small-time justice continue with their ultra-fine grinding....

return to top of page

(P.S. Please email the LangaList to a friend! Use this super-fast form!)

return to top of page