Please
note: Older issues may contain information that is now
out of date.
How to Subscribe
and Unsubscribe is at the end of this note. Mailing List Trouble? See http://www.langa.com/help.htm
Questions about the advertisers?
See the end of this note. Please also see legal notices
at the end of this note. LangaList: ISSN 1533-1156
Please
recommend
the LangaList to a friend! (And maybe win $10,000 !)
An easier-to-read formatted HTML version of this newsletter is available online at
http://www.langa.com/newsletters/2001/2001-06-28.htm
The LangaList
Standard Edition
2001-06-28
A Free Email Newsletter from
Fred Langa
That Helps You Get More From Your Hardware,
Software, and Time Online
1) Bugged By Web bugs?
Web bugs are normally tiny,
invisible graphics (usually 1x1 transparent GIFs), but there are other kinds,
and reader Leslie Coke has run into some:
*Any* image on a web site
or HTML e-mail message can be used as a web bug. I have noticed that they are
definitely being used in some of the advertising e-mail that I receive. They
usually add parameters to the URL of the image that are unique to my e-mail
address. All they have to do later is mine the web server logs for all
references to the image URL. The more information links also consist of
additional parameter data so they can track click thru's as well. All the major
search engines are now using click thru's also.
You're right, Les, and one of my
main points about web bugs is that they're not special at all--- any
graphic or any link can act as a web bug, including photos, drawings, logos,
standard URLs, etc. And even the small 1x1 version is still just an ordinary,
standard, static GIF, like any other.
As such, Web bugs "report" or "track" no more and no less than any other graphic
or link can. But because they're called "bugs," people think they have special
powers or abilities, or contain some kind of active spying technology, like a
telephone bug. They do not.
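As an added illustration (not part of the original newsletter), the following Python code inspects an HTML message body for the pattern Leslie describes: image and link URLs that carry the recipient's address in plain, Base64 or MD5 form. The recipient, the ads.example host, the sample HTML and all function names are constructed for this example.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import unquote

def recipient_tokens(address):
    """Forms in which a mailer might embed the recipient in a URL."""
    addr = address.strip().lower().encode()
    return {
        "plain": addr.decode(),
        "base64": base64.urlsafe_b64encode(addr).decode().rstrip("="),
        "md5": hashlib.md5(addr).hexdigest(),
    }

class RefCollector(HTMLParser):
    """Collect every <img src> and <a href> together with its attributes."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get("src") if tag == "img" else attrs.get("href") if tag == "a" else None
        if url:
            self.refs.append((tag, url, attrs))

def find_trackers(html, recipient):
    """Return (tag, url, reasons) for each reference that can identify the reader."""
    tokens = recipient_tokens(recipient)
    collector = RefCollector()
    collector.feed(html)
    findings = []
    for tag, url, attrs in collector.refs:
        decoded = unquote(url)
        reasons = []
        for form, token in tokens.items():
            # Base64 is case-sensitive; the other forms are compared lowercased.
            haystack = decoded if form == "base64" else decoded.lower()
            if token in haystack:
                reasons.append(f"recipient embedded ({form})")
        if tag == "img" and attrs.get("width") == "1" and attrs.get("height") == "1":
            reasons.append("1x1 image")
        if reasons:
            findings.append((tag, url, reasons))
    return findings

# Constructed sample message body for a made-up recipient and ad host.
READER = "reader@example.com"
TOKENS = recipient_tokens(READER)
SAMPLE_HTML = f"""<html><body>
<img src="http://ads.example/logo.gif?sent_to=reader%40example.com" width="120" height="60">
<img src="http://ads.example/clear.gif?id={TOKENS['md5']}" width="1" height="1">
<a href="http://ads.example/more.asp?u={TOKENS['base64']}">More information</a>
<img src="http://ads.example/banner.gif" width="468" height="60">
</body></html>"""

if __name__ == "__main__":
    for tag, url, reasons in find_trackers(SAMPLE_HTML, READER):
        print(tag, url, "->", ", ".join(reasons))
```

The full-size logo is flagged just like the 1x1 GIF, while the banner with no per-recipient parameter is not: the identifying part is the URL, not the picture.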
Another reader wrote in to say that
I was wrong about Web bugs and Cookies--- he didn't want "these programs"
tracking him!
If they were programs, I'd agree.
But they're not. In fact, they are not active in any way at all. Usually the
only way a cookie or bug can become associated with any private, personal data
is if you *voluntarily* provide private data by filling out a form on a web page
associated with the cookie or bug. If you don't give out that data, then almost
all the web bug fear-fantasies simply collapse. With no private data to work
with, the bugs pose no risk to your privacy.
OK, you might say, but isn't it at
least *possible* for bugs and cookies to be used for evil purposes?
Sure. But the chain of events needed
to pull off a true covert privacy breach via Web bug--- that is, using a bug to
obtain truly private data without the knowledge and, at some level,
*cooperation* of the person being targeted--- is so remote as to be almost
silly.
Consider this argument-by-analogy:
Each year, a few of the Earth's 6+ billion humans are killed by elephants. So,
it's 100% true to state that statistically, the odds of you dying under the flat
feet of a pugnacious pachyderm are NOT zero. It *could* happen. But for most of
us, the risk is so small--- and so easily avoided--- that it makes no sense to
equip ourselves with anti-elephant technology. (And if you don't believe me,
then perhaps you'll want to buy this marvelous little program I wrote: It's 100%
guaranteed to prevent elephants from stepping on your PC, or your money back!
<g>)
Reasoning in the same vein: The
risks from bugs and Cookies are also nonzero, but small and easily avoided. With
just a little common sense, the risks from Cookies and bugs drop so low they're
just not worth worrying about.
But all the above doesn't matter to
some people: It's almost as if they *want* to believe that Cookies and Web bugs
are somehow actively spying on them, or "looking over their shoulders as they
surf," even when you can conclusively prove that most Cookies and bugs are
utterly harmless.
At one frightening end of the
spectrum, I've received email from what seem to be seriously disturbed
individuals who believe that unnamed "someones" are out to track their every
keystroke and click; believing that their click stream is somehow incredibly
valuable or interesting to others. Let me tell you, some of these emails are
*really* out there, and the writers seem to be a few short steps from full-blown
delusional paranoia. Scary--- and sad.
But even at the gentler end of the
anti-Cookie, anti-bug spectrum, there's something that appears to me to be a
form of mass hysteria. I think there's a psychology thesis in all this for
someone. 8-)
As the current InformationWeek.Com
"LangaLetter" explains (http://www.informationweek.com/843/langa.htm
), all security risks are NOT equal. Some are very real, and require high
vigilance. Others are so small and easily managed that they can be mostly
ignored. In that vein, I believe that with basic precautions, Web bugs and Cookies
become such a tiny risk that going all-out to eliminate them is simply a waste
of time.
Check out the InformationWeek.Com
article, get the scoop, and if you don't agree, please let me know: If my
reasoning is off track here, I'd love to know why or how. Join in the
discussion!
http://www.informationweek.com/843/langa.htm
2) Now This Is A *Real* Security Issue
Web bugs and Cookies may be
relatively trivial security matters, but this is definitely not:
Hi, Fred! A week ago, the
story "broke" that an online computer store had exposed its entire order
database, including all its customers' credit cards, to easy view by anyone. I
had discovered that simply typing-in a URL which they printed on every invoice
they shipped, would yield full details of any order record. My concern now is
that there is no indication whatsoever that this company has any intention of
informing those thousands of people of their exposure. I hope to see this
serious omission get lots of public attention. I invite you to help make that
happen, if it fits with your interests. The full story of my discovery and of
this irresponsible company's inexcusable behavior in response to my efforts to
help and to media reports, is on my site at
http://pc-help.org/privacy/chq/
Best, Keith Little (aka
pchelp http://pc-help.org/ )
Thanks, Keith.
Sometimes, credit card companies
take care of this on their own. Have you ever gotten unasked-for replacement
credit cards sent to you by your credit-card issuer, before the expiration date
of your old cards? Sometimes, that's done after a security breach affecting many
customers: The new cards invalidate the old ones, whose numbers may have been
stolen or compromised without your ever knowing about it.
But in a case like Keith's, it seems
to me that the company should have notified its customers so they could cancel
their cards and get new ones on their own--- it only takes a minute and a free
phone call to do so. However, I don't know the circumstances surrounding the
security breach Keith reports, so it's hard to say exactly what the problem was
and what the proper remedy should have been.
In any case, Keith's investigation
is eye-opening and worth reading...
3) Smart Tags = Dumb Idea?
I'll be covering this a lot more
later. But if you want to get up to speed, check out
http://www.microsoft.com/windows/ie/preview/smarttags/default.asp and then
think about how Microsoft can take any HTML/XML content--- conceivably even
formatted emails that you send privately to your friends--- and insert their own
URLs into your content...
4) BIOS Update Update
No, it's not echolalia. <g> A while
back, we discussed BIOS updates (see
http://www.langa.com/newsletters/2001/2001-02-05.htm#3 ), and ever since,
reader mail has been trickling on that subject. Here's a new update on the
topic, drawn from some of the most widely-applicable reader suggestions and tips
on both the general topic of BIOS upgrades, and on the specific issues which
involved enabling large hard drives on older motherboards:
Fred, While the vendor's
site is always the best place to start, I've had to use Wim's BIOS page several
times to find correct Flash BIOS updates and is worth recommending. http://www.wimsbios.com/
--- Gary L. Walter
Fred, I was in the
process of checking my BIOS when I read your article. I had found a great tool
for checking and recording your BIOS at a commercial page
http://www.unicore.com/
They want to sell you a new BIOS chip, but the BIOS Wizard tool is free. Thanks
for a GREAT newsletter! --- J R Nugent
There would appear to be a
limit on hard drive sizes of 33.8GB on some motherboards for which there does
not appear to be a BIOS upgrade (not unless it has been very recently
introduced).
http://www.storage.ibm.com/techsup/hddtech/bios338gb.htm I came across
this when I tried installing a 45GB IBM Hard Drive and it didn't even recognise
it, to all intents and purposes the drive was operating in dodo mode.
Fortunately, I had bought 2 identical drives, and two brand new dead drives was
too much of a coincidence. Put the jumpers on the back of the drive in the right
place and the drive capacity reduces to 32GB - the dodo becomes a phoenix http://www.storage.ibm.com/techsup/hddtech/dtla/dtlajum.htm
I do not know if drives from other manufacturers have this "Capacity Clip"
facility. ---Chris Carr
A link into Intel's site
for their "old" motherboards is
http://support.intel.com/support/motherboards/bios.htm . Be prepared
to click around as some of the links no longer work (some of the BIOS Identifier
links are broken; it appears that the Board name links are still valid though).
--- Jeff.Brielmaier
As always I enjoy the
LangaList, and am glad to have signed up for the Plus Edition. I saw where you
talked about hard drive 'overlay' software, or soft-BIOS software; that allows
an old BIOS to "see" a new, larger hard drive....To obtain the hard drive
software, all a person has to do is to go to the website of the respective
manufacturer. The soft-BIOS software for most hard drives can be downloaded for
free. For instance:
Western Digital Data Lifeguard Tools --
http://www.wdc.com/service/ftp/drives.html#dlgtools
Maxtor MaxBlast Plus --
http://www.maxtor.com/products/DiamondMax/software/maxblast/default.htm
Seagate DiscWizard --
http://www.seagate.com/support/disc/drivers/discwiz.html
Quantum Ontrack Disk Manager 2000 --
http://service.quantum.com/softsource/disk_docs/dm2000.htm
IBM Disk Manager 2000 --
http://www.storage.ibm.com/techsup/hddtech/welcome.htm#Installation
Fujitsu OnTrack DiskGo --
http://www.ontrack.com/fujitsu/
All of these downloads are free, though each of them can only be used on its
respective manufacturer's brand of hard drive. (These are all IDE/EIDE versions,
by the way.) So -- when I go to buy a hard drive, I always look at the discount
houses first. They might charge as much as $50 less than a full retailer; then
all I have to do is go to the manufacturer's site and download documentation and
the soft-BIOS program, if need be. --- John Howard
Wow! Thanks to all who wrote in!
5) New Security Test Site
Mikhail Penkovsky writes:
Hello Mr.Langa! Let me
introduce new IT project called PC Flank (
http://www.pcflank.com ).
"Our main concern is to
help protect users computers from Internet viruses and attacks by hackers. We
provide a lot of services for protecting system and network such as system's
tests (browser test, ports check, trojan check, IGMP and ICMP attacks check),
free check of user's files, free experts advice, trojans database, security news
and much more."
Thanks, Mikhail. The site looks
good: lots of info, and a free "test your system" option that's conceptually
similar to the ones at http://www.grc.com and
http://www.dslreports.com, but that has
some interesting options under the "advanced" tab.
The site appears to be a little
fussy, perhaps over-reporting in some areas, but it's fast and easy to use. As
always, I suggest you not rely on any one security test, but rather several. If
multiple sites all show the same problem, then you know it's real.
Worth checking out!
6) Last Days To Enter June's FREE Drawing
On June 30, I'll choose another
monthly winner of a no-strings $30 Gift Certificate for any item at
Amazon.Com--- books, software, hardware, kitchenware, toys... To have a shot at
winning, just use the following link to recommend the LangaList to a friend.
Your friend just may find a new source of useful information; I just may gain a
new subscriber; and you just may win a $30 shopping spree! (Full details also
available via this link):
http://www.langa.com/recommend.htm
The more times you make a
recommendation, the greater your chances are of winning!
Or, if you'd like to try to win
$10,000(!), try this link (full details also available here):
http://www.recommend-it.com/l.z.e?s=143182
Either way, thank you, and good
luck!
7) Email "Header" Forgery
Bob Nemmers ran afoul of email
forgers:
Fred: This letter ("Claim
your Free Digital Voice Recorder, it's been paid for by...") is one my wife
received at her web e-mail address at tomatosisters@XXXXXXXXX.com. The weird
thing is that it was *From* her account and *To* her account. Do you know how
this is possible? There is nothing in her sent box. If you have an idea I'd like
to know.
It's easy to forge portions of email
"headers," the routing information that accompanies all email. It's a favorite
trick of spammers, who can make any email appear to come from almost anyone---
even, as in this case, seeming to have the email be From and To the same person.
Here's the header Bob sent, slightly
amended for privacy. But if you scan the header, you'll see the thing *really*
originated at "paid4survey.net:"
From tomatosisters@XXXXXXXXX.com Wed Jun 20 00:24:09 2001
Apparently-To: tomatosisters@XXXXXXXXX.com via web11607; 20 Jun 2001 00:37:37 -0700 (PDT)
X-FilteredBulk: 206.190.224.11
Received: from f11.prx190224.mibx.net (EHLO sx1.paid4survey.net) (206.190.224.11)
  by mta440.mail.xxxxxxx.com with SMTP; 20 Jun 2001 00:37:36 -0700 (PDT)
Received: from sx1 ([206.190.224.11]) by sx1.paid4survey.net with Microsoft
  SMTPSVC(5.0.2195.1600); Wed, 20 Jun 2001 00:24:09 -0700
From: <tomatosisters>
To: <tomatosisters@XXXXXXX.com>
Subject: Claim your Free Digital Voice Recorder, it's been paid for by...
Message-ID: <b17901c0f959$ff00ec30$0be0bece@paid4survey.net>
Content-Type: multipart/alternative;
  boundary="----=_NextPart_000_0001_01C0F917.88AE4420"
MIME-Version: 1.0
Content-Location: http://www.paid4survey.net/voicerecorder.asp?sent_to=tomatosisters@xxxxxxxxx.com
Return-Path: tomatosisters@sx1.paid4survey.net
> Free...Free...Free
By checking the full header of any
suspicious or offensive email you get, you can often (but not always) track it
back to the true source by using any of the many available "Whois" ("Who Is?")
services that let you view the public registration records for a domain or web
site. Those public registration records let you see who's behind *any* web site,
so you can contact them if necessary.
For example, in this case, you can
use this Whois to learn all about paid4survey.net:
http://networksolutions.com/cgi-bin/whois/whois?STRING=paid4survey.net&STRING=Search
Clicking that link tells you the
domain is owned by:
Paid4Survey Paid Survey
P.O.Box 2156
San Jose, CA 95109 US
Phone 408-350-9000
Email paid4survey@ynnmail.com
Homepage http://www.register.com
Domain Name PAID4SURVEY.NET
In this case, a phone call--- or
better, a strongly worded registered letter--- to Paid4Survey should encourage
them never to spam you again. 8-)
And again: You can do a "Whois"
lookup on ANY web site or domain!
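The header check described in this item, as an added example (not code from the newsletter): it treats the Received line stamped by the recipient's own mail server as the only hop the sender could not write, and compares the host it recorded with the domains in Return-Path and Message-ID. The sample is the header above with its colons restored; the function names and the two-label domain shortcut are assumptions of this example.

```python
import re
from email import message_from_string

# Header from this item with the ":" separators restored so it parses; the
# X'd-out domains are kept as redacted on the page.
SAMPLE = """\
Received: from f11.prx190224.mibx.net (EHLO sx1.paid4survey.net) (206.190.224.11)
 by mta440.mail.xxxxxxx.com with SMTP; 20 Jun 2001 00:37:36 -0700 (PDT)
Received: from sx1 ([206.190.224.11]) by sx1.paid4survey.net with Microsoft
 SMTPSVC(5.0.2195.1600); Wed, 20 Jun 2001 00:24:09 -0700
From: <tomatosisters>
To: <tomatosisters@XXXXXXX.com>
Subject: Claim your Free Digital Voice Recorder, it's been paid for by...
Message-ID: <b17901c0f959$ff00ec30$0be0bece@paid4survey.net>
Return-Path: tomatosisters@sx1.paid4survey.net

Free...Free...Free
"""

def parse_received(value):
    """Extract peer name, HELO/EHLO name, peer IP and stamping host from one hop."""
    flat = " ".join(value.split())  # unfold continuation lines
    def grab(pattern):
        match = re.search(pattern, flat)
        return match.group(1).lower() if match else None
    return {
        "from": grab(r"\bfrom\s+(\S+)"),
        "helo": grab(r"\((?:EHLO|HELO)\s+([^\s)]+)\)"),
        "ip": grab(r"\(\[?(\d{1,3}(?:\.\d{1,3}){3})\]?\)"),
        "by": grab(r"\bby\s+(\S+)"),
    }

def base_domain(host):
    # Assumption: the last two labels approximate the registered domain (fine
    # for .com/.net; real tooling would consult the Public Suffix List).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def split_addr(value):
    """Split '<local@domain>' into (local, domain); domain is '' if absent."""
    local, _, domain = (value or "").strip().strip("<>").lower().partition("@")
    return local, domain

def analyze(raw):
    msg = message_from_string(raw)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    # Only the top hop was written by the recipient's own server. Everything
    # below it, plus From, Message-ID and Return-Path, is supplied by the sender.
    boundary = hops[0] if hops else {}
    from_local, from_dom = split_addr(msg.get("From"))
    to_local, to_dom = split_addr(msg.get("To"))
    infra = set()
    for name in (boundary.get("helo"), split_addr(msg.get("Return-Path"))[1],
                 split_addr(msg.get("Message-ID"))[1]):
        if name:
            infra.add(base_domain(name))
    # A From with no domain (as here) is read as the recipient's own domain.
    claimed = base_domain(from_dom or to_dom)
    return {
        "self_addressed": from_local == to_local and from_dom in ("", to_dom),
        "claimed_domain": claimed,
        "connecting_host": boundary.get("from"),
        "connecting_ip": boundary.get("ip"),
        "infrastructure_domains": sorted(infra),
        "origin_mismatch": bool(claimed) and claimed not in infra,
    }

if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```

A mismatch alone does not prove forgery, since legitimate mail is often relayed through third-party servers; combined with a message that claims to be From and To the same mailbox, it shows the mail entered from outside.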
8) They Loaded The Code
Do you have a home page or website?
(It doesn't matter what size.) Please click over to
http://www.langa.com/code.htm , and maybe you can join the hundreds and
hundreds of LangaList readers who have "Loaded the Code!" (If you've already
"Loaded The Code" and are wondering if your site will appear here or on the
Langa.Com web site, please see
http://www.langa.com/link.txt )
Speaking of which: Here's
another eclectic sample of reader sites--- some professional, some very
personal:
View A Randomly-Chosen
Reader Site
http://www.langa.com/randomlink.htm
Manually Browse All
Posted-to-Date Sites Starting At
http://www.langa.com/readersites.htm
Word of Mouth Newsletters
http://www.xcpublishing.com/wompage.html
Prisoner of War Camp #1,
Fukuoka, Japan
http://www2.gol.com/users/winjerd/Pwcmp1_a.htm
Deluke's
http://www.dreamwater.org/deluke/monte.html
RANANBRAY
http://www.zoominternet.net/~rcbray/
Red Amber Resource
http://www.redamber.com/index.asp
FAIRFIELD COUNTY, SC
http://communities.msn.com/winnsboroscnet
Day Tripper
http://www.geocities.com/daytrip50/index.html
Luton & Dunstable Region
(UK) Churches
http://www.lutonchurches.org.uk/html/index.htm
Bonnabel High School (LA)
Faculty
http://www.geocities.com/bonnabel122/
Multidimensional Consulting
http://www.multidimensionalconsulting.com/
9) More Goodies From An Old Favorite
Rick O'Gorman found unexpected depth
in a site we've discussed previously:
Hey Fred, Thought you might
like to remind Langalist readers about this site
http://www.sysinternals.com/
This website was mentioned previously (http://www.langa.com/newsletters/2000/2000-09-11.htm
) but I didn't check it out at the time, oddly for me, and came across it
recently. There are a bunch of powertools available as freeware, too many for me
to list. Of relevance: One tool called SDelete v1.1 (http://www.sysinternals.com/ntw2k/source/sdelete.shtml
) seems to address a recent thread on your Langalist newsletter (http://www.langa.com/newsletters/2001/2001-05-14.htm
), that of securely "deleting" free space on a drive so that it cannot be
recovered.
It's a good site indeed, with
downloads for Win9x/ME and NT/W2K. Thanks, Rick.
10) Just For Grins
There's a wonderful site called
"Lost In Translation" that seeks to answer this question:
"What happens when an
English phrase is translated (by computer) back and forth between 5 different
languages? ... Translation software is almost good enough to turn grammatically
correct, slang-free text from one language into grammatically incorrect, barely
readable approximations in another. But the software is not equipped for 10
consecutive translations of the same piece of text. The resulting half-English,
half-foreign, and totally non sequitur response bears almost no resemblance to
the original. Remember the old game of "Telephone"? Something is lost, and
sometimes something is gained. Try it for yourself!"
The examples are amazing:
"I'm a little tea pot,
short and stout."
translates to
"They are a small POTENTIOMETER, short circuits and a beer of malzes of the
tea."
"a cookie is just a cookie, but fig newtons are fruit and cake."
translates to
"biskuit has expert of biskuit, but Newton von Fig is fruit and hardens."
So I had to try it. I used my
web-site slogan:
"Make the most of your
hardware, software, and time online with the LangaList."
After being automatically
transliterated to French, then back to English, then to German, then English,
then Italian, then English, then Portuguese, then English, then Spanish, then
English (whew) what came out is:
"In order to lose the thing
more better possible of its physical dowry, logical software and by much hour in
the chain with o.l.ist longitudinally."
Right. Couldn't have said it better
myself!
Want to try your own translation
weirdness? Check out:
http://www.tashian.com/multibabel/
11) Fred's PC Cooling Mods; A PIM-like Info Organizer; A Free Way To Capture/Store/Organize Web Info
Today's LangaList Plus! Edition
contains all ten items above, plus about 30% more content including: A
full-length mini-feature article on how Fred altered his new PC (for a total
hardware cost of just $10) to prevent summer overheating that can significantly
shorten the life of a CPU; a freeware/shareware info organizer that's
reminiscent of some of the first-ever PIMs; and a neat, free tool that lets you
capture, store, and organize info from your web travels.
Plus! Edition info:
http://www.langa.com/plus.htm
See you next issue!
Best,
Fred
(fred@langa.com)
An easier-to-read formatted
HTML version is available in the "Current Issue" section of
http://www.langa.com.
(The HTML version of each issue normally is available by 9AM EST [UT-5] of the
issue date.) All past LangaList issues are also available at the Langa.Com site.
Administrivia:
UNSUBSCRIBE: From the same
email account you used to sign up with, send an email to
unsubscribe-langalist@lyris.dundee.net
SUBSCRIBE (it's free!): Create and send a new email to
subscribe-langalist@lyris.dundee.net
CHANGE ADDRESS? LIST TROUBLE? HAVE QUESTIONS? OTHER PROBLEM? NEED HELP? See
http://www.langa.com/help.htm
This is a 100% OPT-IN newsletter: See
http://www.langa.com/info.htm
About the advertisers:
http://www.langa.com/privacy.htm#ads
Disclaimer:
http://www.langa.com/legal.htm In brief: All information herein is
offered as-is and without warranty of any kind. Neither Langa Consulting LLC, nor
its employees nor contributors are responsible for any loss, injury, or damage,
direct or consequential, resulting from your choosing to use any information
presented here.
This newsletter is a free service of Langa Consulting LLC and is Copyright © 1997-2005 Fred Langa/ Langa Consulting LLC. All worldwide rights reserved. LangaList: ISSN
1533-1156