How To Subscribe and Unsubscribe is at the end of this note. Mailing List Trouble? See http://www.langa.com/help.htm
Questions about the advertisers? See the end of this note. Please also see legal notices at the end of this note. LangaList: ISSN 1533-1156

Please recommend the LangaList to a friend! (And maybe win $10,000 !)

An easier-to read formatted HTML version of this newsletter is available
<a href=" http://www.langa.com/newsletters/2001/2001-11-05.htm ">here</a>

The LangaList
Standard Edition

2001-11-05

A Free Email Newsletter from Fred Langa
That Helps You Get More From Your Hardware, 
Software, and Time Online

Please visit our sponsors and help keep the LangaList S.E. free!

1) The End Of Anonymous Surfing?

Microsoft's Passport (and its competitors) makes it harder than ever to keep a low profile. Passport is bundled aggressively within many of Microsoft products--- XP, MSN, Hotmail, MSN Messenger, etc--- and is becoming harder and harder to avoid.

We recently covered Passport during the run-up to the release of Windows XP (both the OS and the Office applications), when we identified two important areas for concern regarding the way XP manages--- or mangles--- your privacy: Passport and Windows Product Activation (WPA).

To recap: We initially focused extensively on WPA. (See http://www.informationweek.com/story/IWK20010831S0009 and http://www.informationweek.com/story/IWK20010816S0015 ). After those articles were written, Microsoft "softened" WPA, increasing the number of components that WPA allows you to change without triggering a need to reactivate; and changing the time period during which system changes are tracked. If you don't change your system components too much, too fast, you can avoid many of the hassles of WPA. (Alas, one exception seems to be the network card, because many users report that any change in NIC seems to trigger the whole reactivation process, even if nothing else is changed.)

Even this gentler, kinder WPA remains an issue because it's a mandatory element of XP: There's no getting around it. If you don't register, your software cripples itself, and reverts to a reduced functionality mode.

But the greater security/privacy issue may lie with Passport, which is a nominally optional part of XP and a mandatory part of many other Microsoft offerings.

As you may already know, Microsoft's Passport is a centralized, cross-domain logon-automation service. (Microsoft recently changed the service's name to ".NET Passport"--- see http://microsoft.com/net/whatis.asp --- but we'll continue using the short form of the name here.)

Microsoft says Passport is safe and secure, and that it protects your privacy. And at one level, that's true.  But there's a catch, because Microsoft and its partners actually still can track you via a unique 64-bit numeric identifier that's generated to identify you to Passport sites.  Microsoft says, "This unique identifier makes it possible for the site to determine whether you are the same person from one sign-in session to the next."

But, of course, this also gives Passport-enabled sites a way to get around some techniques used for anonymous surfing: Even if a Passport site doesn't initially know you by name, it may still know you by your Passport's persistent numeric code, and thus can build an ongoing profile of you and your surfing habits on that site.

There's lots more to this story--- far more than will fit in a newsletter. Because Microsoft is pushing Passport so hard, it's too important to skim over--- especially since Sun and AOL have both announced they'll be offering Passport-like services too!

So, I've made this the subject of my current InformationWeek.Com column this week. There, you'll get the whole story, plus tons of additional links from security experts--- and even hackers--- commenting on the weaknesses and strengths of Passport and similar services.

I'll also tell you of a simple, free alternative that offers almost all the benefits of Passport-like services with essentially none of the risks!

Please check out the new article which should be posted soon at
http://www.informationweek.com/861/langa.htm  and/or then add your comments at http://www.informationweek.com/forum/Fred Langa . (The latter URL will work even before the article itself is posted.)

See you there!

Click to email this item to a friend
  http://www.langa.com/sendit.htm

return to top of page

2) Bye-Bye Direct Cable Connection? Peer To Peer?

Don Mong writes:

Greetings: The following issue should have interest beyond my own. Turns out there is an obvious changeup in how (or if) it's possible to do a quick parallel cable hookup between a main desktop and laptop system for file exchange. Main system now using Win2K; notebook has WinME on it. My earlier setups had combinations of Win98x and WinME. Each of these OSs has an accessory app that does a neat and quick cable hookup between machines. Not so with Win2K. Have been into all kinds of configuration options with Win2K. Even have the desktop and notebook 'seeing' each other. But cannot get anything useful, i.e., transferring any files. Any solution beyond buying more 3rd-party workaround apps like PCAnywhere?

As in Win98, simple peer-to-peer connections--- including Direct Cable Connections--- are supported in Win2K and XP. In a homogenous environment--- groups of systems all running XP/Win2K for example--- it's about as simple to set up peer networking as it is in Win98.

But whether by standard networking or Direct Cable,  peer networking in a heterogeneous environment---  mixed Win9x and XP systems, for example--- can be a lot harder. That's because XP/Win2K/NT handle local networking quite differently from Win9x/ME, and there are all manner of pitfalls.

The benefit is that Win2K/XP networking is more secure. For example, access is based on user-specific permissions rather than on simple shared passwords. The problem is that this is a needless complication in situations where the extra security isn't meaningfully useful or desired. (And many small office and home networks fall into that category.)

XP offers an updated "Networking Wizard" that lets you set up XP networking on one machine and then generate a floppy disk you carry around to other non-XP machines; supposedly, this makes for effortless networking, and I've heard from a number of readers for whom it's worked. It's never worked for me, though: I've found it necessary to do a *lot* of manual diddling, and to fundamentally change the operation of the non-XP/Win2K boxes in order to get them to talk to the XP/Win2K boxes. It's a pain.

If you're just getting started with Win2K/XP-style networking, you may find these articles helpful (I did!):

http://support.microsoft.com/support/kb/articles/Q258/7/17.ASP
http://www.helmig.com
http://www.practicallynetworked.com

But I have yet to find any top-quality reference or tutorial that walks you through all the steps of configuring a safe and simple peer network in a mixed Win9x/ME and XP environment. If any of you have found one, please let me know!

Click to email this item to a friend
  http://www.langa.com/sendit.htm

return to top of page

3) Useful--- And Interesting--- Pages From the Past

Jason Levine writes:

Hey Fred,  I thought you'd enjoy this. This site has archived versions of websites for years. According to their site, they have "over 100 terabytes and 10 billion web pages archived from 1996 to the present." It's quite fun to be able to pull a copy of WinMag.com from December 1998. (An article on breaking up MS? How some things stay the same while so much else changes! -) ) It can also be useful it a site stops working entirely to be able to dig up an old link. Here's the URL: http://web.archive.org

They're experiencing higher than normal traffic (and I'm sure featuring it on the LangaList wouldn't help the situation ;-)) so be patient. Here are some fun sites to look at:

Old Winmag pages:
http://web.archive.org/web/*/http//www.winmag.com/

Old LangaList pages
http://web.archive.org/web/*/http//www.langalist.com/

Thanks, Jason, that is cool. Sometimes, the direct links don't work, even though the URL is OK; just go in through the front door ( http://web.archive.org ) if you have trouble.

BTW, Jason updated his free "Script Sentry" security tool in late September. If you haven't grabbed a copy of that--- or his "Cookie Jar" tool--- stop by http://www.jasons-toolbox.com/ !

Reader "CuPNCaucer" also found the Web Archive site, sent along this link to a feature article about the site:
http://www.salon.com/tech/feature/2001/11/02/wayback/index.html?chkpt=zdnnh110

Thanks, guys!

Click to email this item to a friend
  http://www.langa.com/sendit.htm

return to top of page

4) Patches, We Got Patches...

Running Windows 98/SE/ME/XP?

"Invalid Universal Plug and Play Request can Disrupt System Operation...On Windows 98, 98SE, and ME systems, receiving such a request could cause a variety of effects ranging from slow performance to system failure. On Windows XP... the flaw consists of a memory leak... to the point where performance slowed or stopped altogether."

Patch and info:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-054.asp

And if you're running XP, be sure to click over to "Windows Update" for a security patch that was released on Oct 25, the day the OS officially became available.(!) It covers the above, plus one other XP-specific issue:

The "Windows XP Update Package, October 25, 2001" provides patches for the problems that are discussed in the following Microsoft Knowledge Base articles: http://support.microsoft.com/support/kb/articles/Q309/5/21.ASP

Patch Available for HTTP Request Encoding Vulnerability
Invalid Universal Plug and Play Request can Disrupt System Operation

Click to email this item to a friend
  http://www.langa.com/sendit.htm

return to top of page

5) More on Port Probes And Online Security

The "Broadband Follow-Up" in the last issue ( http://www.langa.com/newsletters/2001/2001-11-01.htm#2 ) generated a lot of mail, including this:

Your 2001-11-01 letter listed web sites that list ports. The web site that has helped me the most in understanding firewall logs is Robert Graham's "Firewall Forensics" page at http://www.robertgraham.com/pubs/firewall-seen.html ---Kevin Davidson

Thanks, Kevin--- nice resource!

We'll be coming back to online security soon: I've been testing Sygate's Personal Firewall, a new version of WinProxy, and the desktop firewall that's built into Windows XP. In addition, ZoneLabs is set to release ZoneAlarm 3.0 soon.

Stay tuned--- looks like this will be a very busy season for online security info!

Click to email this item to a friend
  http://www.langa.com/sendit.htm

return to top of page

6) Paulo Breim Got His $30 Gift Certificate. Want One?

Reader Paulo Breim just got a no-strings $30 Gift Certificate for any item at Amazon.Com--- books, software, hardware, kitchenware, toys, and more. Paulo got it by using the "Recommend" link at http://www.langa.com/recommend.htm .

If you use that link to recommend the LangaList to a friend, your friend may find a new source of useful information, I may gain a new subscriber; and you just may win a gift certificate, just as Paulo did. (Full details are available via that link.) The more times you make a recommendation, the greater your chances are of winning!

Or, if you'd like to try to win $10,000 (really!), try this link (full details also available here): http://www.recommend-it.com/l.z.e?s=143182

Either way, thank you, and good luck!

Click to email this item to a friend
  http://www.langa.com/sendit.htm

return to top of page

7) Who's Reading Your Old CDRs?

In "The Dead Drive Security Loophole" ( http://www.informationweek.com/837/langa.htm ) we discussed how it was relatively simple to read data off old hard drives even after they've been reformatted or re-FDisked! This is a real security issue for people who send hard drives out for repair, or who discard old drives: The data you thought was erased may still be there!

But what about your old CDRs and CDRWs, especially those you use to back up your hard drives?

Hi Fred, I really enjoy your Plus edition and am looking forward to more of the same.

With all of the talk about backing up hard drives to CDs, the thought comes as to how to destroy the CDs when they are obsolete so that other folks cannot get to your information. I found the following links and thought that you might like to see them: http://www.roxio.com/en/support/discs/destroydiscs.html has some good information and also leads to http://www.netcomuk.co.uk/~wwl/cdzap.html which leads to http://www.hamjudo.com/notes/cdrom.html . This might be a bit extreme but maybe it will come in handy for someone. --- John Davitt

Thanks, John. The Roxio information on making CDRs and CDRWs unreadable is probably the best; I agree the other two are a bit extreme. 8-)

Click to email this item to a friend
  http://www.langa.com/sendit.htm

return to top of page

8) More Reader Sites!

Do you have a home page or website? (It doesn't matter what size.) Please click over to http://www.langa.com/code.htm , and maybe you can join the hundreds and hundreds of LangaList readers who have "Loaded the Code!" (If you've already "Loaded The Code" and are wondering if your site will appear here or on the Langa.Com web site, please see http://www.langa.com/link.txt )

Speaking of which: Here's another eclectic sample of reader sites--- some professional, some very personal:

View A Randomly-Chosen Reader Site From Among All Listed
http://www.langa.com/randomlink.htm

Manually Browse All Posted-to-Date Sites Starting At
http://www.langa.com/readersites.htm

Major European soccer (football) leagues/World Cup
http://soccer.sportsground.com/

Mes 4 Saisons
http://samx.multimania.com/

Investors Money Management
http://www.immcorp.com/

Daev Seezen's Animation Site
http://people.freenet.de/daevczen/dczweb1.html

Paul R. Bushell PC Sales/Service
http://www.bmts.com/~pbushell/

Al Hofland
http://www.alhofland.com/index.htm

Shareware, freeware and demoware
http://www.afreego.com/

Betty J. Law
http://www.bjlaw.net/

Rachel's Pages (kid-safe site)
http://www.racheltoday.com/links.html

NSBA - Nova Scotia Badminton Association
http://accesswave.ca/~gerrymar/nsba/nsba.htm

Click to email this item to a friend
  http://www.langa.com/sendit.htm

return to top of page

9) File-Type Hassles?

All users--- no matter how experienced--- sometimes run into weird file types they've never seen before. One site I use to try to figure out some of the weirder ones is http://whatis.techtarget.com/fileFormatA/0,289933,sid9,00.html , which purports to list literally "every file format in the world." Even if that's not 100% true, the site is still definitely worth a bookmark!

But reader Patrick McCarren wanted to know more specifically about graphic file types he ran into:

I have kinda figured out that some of my software cannot handle one type or another, but it is strictly 'trial & error' on my part. Where can I find info telling me about the various graphic file formats, differences between them, the pros and cons of each, etc. This seems like something that you've probably discussed before, but either I missed it, or had some other issue on my brain at the time.

The site at http://www.dcs.ed.ac.uk/home/mxr/gfx/ does a pretty good job of explaining graphic file types in more detail than the "every format in the world" site mentioned earlier. Hope it helps!

Click to email this item to a friend
  http://www.langa.com/sendit.htm

return to top of page

10) Just For Grins

Writing from Russia, reader Alexander Bunakov offers this--- silly,  but cute---tech support parody:

"Merlin, Inc. technical support. How can I help you?"
"Yesterday I've bought your sword..."
"Congratulations, sir, you've made the right choice!"
"It doesn't work."
"What does it mean - doesn't work?"
"It doesn't cut the dragon's head."
"Have you read the manual, sir?"
"A noble knight have not to know how to read! But my armour-bearer have read it for me aloud twice."
"Well, sir. Have you taken the sword out of the sheath?"
"Yes."
"Is that really so? Check it again, please."
"I've done it, I say to you!"
"Okay, sir. Now check the edge sharpness."
"Ough!"
"You shouldn't do it with your finger, sir."
"What the finger? I've done it with my tongue! I always check a sharp flavour of my dishes like that."
"You see, sir, a sword has a bit different construction than your dinner dishes. The term 'sharp' means here..."
"I'm not obliged to know you technical terms! I'm a user, not a hardware specialist. You'd better answer why doesn't it work!"
"Did it work before?"
"I don't know, I've bought it only yesterday!"
"Okay, sir. Have you done anything with it?"
"No!"
"Are you sure?"
"Well, I only took it out of the sheath."
"Did you try to grind it yourself?"
"What for?"
"You know better, sir. Maybe you tried to install new spells on it?"
"No, I use the default ones, which are supplied with the sword!"
"Maybe it's the spoiling, sir? How long ago have you updated your holy water?"
"I've downloaded the fresh version only two days ago!"
"I see, sir. Then look if there are unscreened sources of black magic nearby. They may create hindrances for the sword."
"What sources?! I'm in the desert!"
"Don't be so nervous, sir."
"I'm not nervous!"
"Then why do you pant?"
"Because the dragon is chasing me!"
"Oh, so the dragon is near you?"
"Yes, he is already QUITE near!"
"Excellent, sir! Give him the receiver."
"And what if he bites my arm off?"
"Sorry, sir, but medical problems are beyond our competence."
"Next time I'll buy a sword of Morgana, Ltd.!"
"Well... okay, sir. Describe at least how the dragon looks."
"Well, he is such... yellow... with moustaches..."
"It's clear now. You should begin with it. It's a non-licensed dragon, a Chinese counterfeit."
"And?"
"Read the license agreement, sir. Merlin, Inc. doesn't guarantee any compatibility with non-certified devices."
"And what shall I do?"
"Don't use cheap no-name dragons anymore, sir."
"Looks like HE is going to use me right now! Aaagh! No! Aaaaa..."
"Sir? Sir, are you okay?... Well, in any case, Merlin, Inc. thanks you for cooperation!"

Click to email this item to a friend
  http://www.langa.com/sendit.htm

return to top of page

11) Plus! Edition Highlights:
"Wilbur" Indexes Your Hard Drive For Free;
Pros and Cons Of A Popular Free Anti-Virus Tool;
Letter From Derlan

Today's LangaList Plus! Edition contains all ten items above, plus about 30% more content including: A discussion of the relative merits of brute force hard drive searching, versus "indexed" searching, with a link to a free tool for the latter; a reader evaluation of the good and bad points of a popular free antivirus service; and a letter from Derlan, one of the children supported through the LangaList Plus! subscription funds contributions. (See http://www.langa.com/plus2.htm#kids for more info.)

Plus! Edition info: http://www.langa.com/plus.htm 

Click to email this item to a friend
  http://www.langa.com/sendit.htm

return to top of page

See you next issue!

Best,

Fred

(fred@langa.com)

Please recommend the LangaList to a friend! (And maybe win $10,000!I)

An easier-to read formatted HTML version is available in the "Current Issue" section of http://www.langa.com.  (The HTML version of each issue normally is available by 9AM EST [UT-5] of the issue date.) All past LangaList issues are also available at the Langa.Com site.

return to top of page

Administrivia:

UNSUBSCRIBE: From the same email account you used to sign up with), send an email to
unsubscribe-langalist@lyris.dundee.net

SUBSCRIBE (it's free!): Create and send a new email to
subscribe-langalist@lyris.dundee.net

CHANGE ADDRESS? LIST TROUBLE? HAVE QUESTIONS? OTHER PROBLEM? NEED HELP? See http://www.langa.com/help.htm

This is a 100% OPT-IN newsletter: See http://www.langa.com/info.htm

About the advertisers: http://www.langa.com/privacy.htm#ads

Disclaimer: http://www.langa.com/legal.htm  In brief: All information herein is offered as-is and without warranty of any kind. Neither Langa Consulting LLC, nor its employees nor contributors are responsible for any loss, injury, or damage, direct or consequential, resulting from your choosing to use of any information presented here.

This newsletter is a free service of Langa Consulting LLC and is Copyright © 1997-2005 Fred Langa/ Langa Consulting LLC. All worldwide rights reserved. LangaList: ISSN 1533-1156

return to top of page