How To Subscribe and Unsubscribe is at the end of this note.
Mailing List Trouble? See http://www.langa.com/help.txt
Want an easier-to read formatted HTML version? See http://www.langa.com/whats_new.htm

Please recommend the LangaList to a friend! (And maybe win a Palm III !)

The LangaList

6-Sept-99
(Holiday Issue---It's Labor Day in the US)

A Free Email Newsletter from Fred Langa About BrowserTune,
HotSpots, Columns, Tips & Tricks, and Other Activities

In This Issue:
Alert! Almost All Copies Of Windows Have This Bug!
"Burn In" And Other System Setup Secrets
More on Last Week's Java Security Item
Why All The Windows Bug Reports?
Langa.Com Site Updates
Recommend It!
Just For Grins
More!

 

Alert! Almost All Copies Of Windows Have This Bug!

Microsoft has just released info and a patch on something called the "Fragmented IGMP Packet Vulnerability."

Normalspeak: A malicious or incompetent person could potentially cause your PC to slow to a crawl or even crash by sending you a pile of a special kind of normally-invisible internet information packets.

Geekspeak (feel free to skip this paragraph): IGMP stands for Internet Group Management Protocol; it's a protocol originally and mainly designed for hosts on multi-access networks to communicate their group membership information to routers, but has been extended and modified since its inception. It's now used in multicasting where data is sent to an IP address to reach multiple hosts. Normal IGMP packets aren't a problem, but if a Windows machine has to process fragmented packets, trouble can ensue. This affects all versions of Windows, and is a basis for potential denial-of-service attacks.

This is brand-new security alert, and the patches are just now becoming available. If you want the patch (and I recommend you get it), Microsoft says they'll soon be posted as follows:

Patches:

More info:
http://www.microsoft.com/security/bulletins/MS99-034faq.asp

return to top of page

--------------( Please Visit This LangaList Sponsor!) ------------

--------------( the above is a paid advertisement )--------------

"Burn-In" and Other System Setup Secrets

The discussion of "System Setup Secrets" has turned up some interesting and informative information over at
http://content.techweb.com/winmag//columns/fred/1999/0831.htm

For example, a reader pointed out it's a great idea to leave a brand-new PC on continuously for several days---to "burn it in"--- and he's right: Most solid-state hardware either fails early in its life or practically runs forever. The computer industry even has a macabre term for the failures that tend to cluster early on in a device's life: They call it "infant mortality." (Honest!)

But if new system gets past the first few days or weeks of use without suffering a hardware failure, chances are the hardware itself will run perfectly for a very long time. (The software is another story....) So leaving a new system on and in constant for a while is a very smart idea because if you're going to have an "infant mortality" problem with your new PC, you want it to happen while the system is new and under full warranty.

Please check out the full column on setup tips, and then join in the discussion running right now at http://content.techweb.com/winmag//columns/fred/1999/0831.htm !

return to top of page

More on Last Week's Java Security Item

Last week, I told you about a potential problem with Windows' Java implementation, and where you can get a better version. (Missed the item? See http://www.langa.com/newsletters/Sept-2-99.htm#bug1 )

Curiously, Windows Update now offers a very abbreviated patch for this problem; the WU patch is just 161 KB long. But if you go to the WU site and follow the "more information" link, you're brought to the page I referenced last week, which offers a 6 MB download.

It's unclear what's going on, exactly, but my best guess is that the short WU download is a true patch to your existing Java setup, while the 6MB download at http://www.microsoft.com/java/vm/dl_vm32.htm is a full replacement for the Java subsystem.

Call me paranoid, but I went for the full version.

return to top of page

-------------( Please Visit This LangaList Sponsor!) ------------


--------------( the above is a paid advertisement )--------------

Why All The Windows Bug Reports?

I got email from some readers alarmed at the number of Windows security bug reports in recent issues. I've also gotten email from Mac Fans who take the discussions of Windows security bugs as a sign of the Mac's "superiority."

With Windows popularity and ubiquity, coupled with the enormous ill-will many feel towards Microsoft, Windows is the #1 target for crackers/hackers. When some pimply-face, pizza-breath sociopathic technogeek wants to make a name for himself, he's going to try to break Windows because that's where the people are. What would be the point of performing, say, a denial of service attack on a system few people use? If you want notoriety, you do something where it's going to be noticed.

Put it another way: If the Mac (or Linux or whatever) were as popular as Windows, then one of those systems would bear the brunt of crack/hack attacks, and a lot more of their security flaws would come to light. Yes, other OSes such as the Mac OS and Linux have some advantages over Windows, but Windows also has many, many advantages over them. On balance, I remain firmly convinced that---for most people, most of the time---Windows (warts and all) remains the best OS choice.

But (1) Windows is indeed imperfect, as all software is; (2) it's what most people use, by an overwhelming margin; (3) it's what most hackers/crackers try to break; and (4) Microsoft (to its credit) does more to clean up security problems, create patches, and publicize the information than any other company I'm aware of.

In short, that's why I spend time discussing Windows bugs and fixes here.

return to top of page

Langa.Com Site Updates

Many of you regularly visit Langa.Com ( http://www.langa.com ) to view the on-line HTML version of this newsletter via the "What's New?" link. (I hope to offer a by-email HTML version soon...). And from time to time I get emails like this one from reader Dennis Lilla:

It seems that the link "What's new" sometimes lags the email newsletter. For instance, this morning I received the Sep. 2 email issue. When I follow the "Current issue in HTML format", I get the Aug 30 page. Am I doing something wrong?---Dennis Lilla  (P.S. I really enjoy the newsletter. Keep up the excellent work.)

Dennis wasn't doing anything wrong---he was just up earlier than I, that's all. 8-)

The newsletter is sent from an automated mailing service and usually goes out in the wee small hours of the morning. I live in New Hampshire, on the east coast of the United States; we're currently on Eastern Daylight Time, which is GMT-4. When I get up in the morning I rework the Langa.Com site to match the newsletter.

But an inevitable consequence of this being a one-man operation is that there's a lag of at least several hours from when the first, middle-of-the-night copies of the newsletter are mailed to when the site is updated. (I have to sleep sometime. <g>)  If you visit the Langa.Com site before I've had a chance to update it, you'll still see the links to the previous week's newsletter.

I apologize for any inconvenience this may cause. If I could figure out how to function without sleep, I would...   8-)

return to top of page

A Recommendation?

As mentioned above, it's just me working here. This newsletter isn't part of CMP or any other large organization; I do this on my own. That's why your word-of-mouth recommendations are so important to me--- it's the very best way to help this newsletter grow.

May I ask a favor? If you could take just literally one minute and recommend the LangaList to just one friend, I'd really appreciate it.

There are two easy ways to do this:

The Recommend-It service
http://www.langa.com/recommend.htm#1

The Langa.Com Recommendation Form
http://www.langa.com/recommend.htm#2

The Recommend-It Service is a commercial (ad-based) service. But in return for recommending the LangaList through their service (it only takes a minute), they give you a shot at winning a Palm III organizer! Try it!

The Langa.Com form is simpler and involves no ads. Its operation is fully explained on the page above, but alas, I can't give away Palm III's. 8-)

Either way, I'm dead-set against spam, so I won't sign up your friends unless they explicitly request a subscription. Both ways are 100% safe to use; neither you nor your friends will get any unsolicited email from me, ever.

Thanks for your help!

return to top of page

-------------( Please Visit This LangaList Sponsor!) ------------

--------------( the above is a paid advertisement )--------------

Just For Grins

Reader Marius Andra sends this along:

Q. What's the difference between an amateur and a professional programmer?

A. An amateur thinks that 1 kilobyte is 1000 bytes. A professional thinks that 1 kilometer is 1024 meters.

 

return to top of page

See you next issue!

 

Best,

Fred

(fred@langa.com)

-------------( Please Visit This LangaList Sponsor!) ------------

The LangaList grows by almost 10% per month!
Tap into that growth for promoting your site, product or service:
It costs less than you think!

See http://www.langa.com/rate_card.html

--------------( the above is a paid advertisement )--------------

(Please recommend the LangaList to a friend! (And maybe win a Palm III !)

An easier-to read formatted HTML version is available in the "what's new" section of http://www.langa.com. All past LangaList issues are also available via the same link.

return to top of page

 

Administrivia:

Why are you getting this newsletter? There are only two ways to get on the list (direct email request or via the WinMag mail list signup page) so if you're getting this newsletter; your name came to me through one of those channels.

SUBSCRIBE (it's free!): Send email to subscribe-langalist@lyris.dundee.net
UNSUBSCRIBE: Send email to unsubscribe-langalist@lyris.dundee.net
LIST TROUBLE? HAVE QUESTIONS? NEED HELP? See http://www.langa.com/help.txt

This newsletter is a free service of Langa Consulting LLC and is Copyright © 1999 Langa Consulting LLC. All rights reserved.

return to top of page