Dr. Jerry Pournelle


Computing At Chaos Manor:
The Mailbag

Jerry Pournelle jerryp@jerrypournelle.com
Copyright 2008 Jerry E. Pournelle, Ph.D.

February 18, 2008

First, a couple of comments and corrections.

Subject: D-Link Update

Hi, Jerry -

After writing about the trouble I had with my old D-Link DI-604 router, I decided to give it another try. It turns out a firmware update was released last July. With that installed, the router works fine.


Glad to hear it. I've always recommended D-Link, and still do.

Dr. Jackson had problems with iTunes transfer, and other problems converting to the Mac. Thomas Weaver has a suggestion:

Subject: Connecting to iTunes

I had the same problem. Changing the cable modem to a newer one that could handle the 1000/100/10 speed of the Mac solved it.

Can't give any guaranty though.

Thomas Weaver

Outside of a dog a book is man's best friend. Inside it is too dark to read. Groucho Marx

Continuing Dr. Jackson's remarks:

Mac experiences - part 2

Dear Jerry,

As you know, from my previous email to you on this subject, I was less than enamored with my new 24" iMac. iTunes would not connect to the store reliably, one of the main reasons I decided to purchase a new Mac and replace my somewhat unreliable Vista media server (which still functions as one of my many alternative machines). Anyway, for reasons that are not clear, the Mac decided to work correctly and for the last 2 weeks it has worked correctly.

Now, I am not one to believe in software "settling in", there is always a reason, albeit not readily apparent in this case, so I am intrigued as to what changed!! BTW since I installed the 10.5.2 Leopard upgrade, the system has become better behaved in a lot of other respects.

One piece of so called Mac OS X lore is the "repair disk permissions" which seems to be the universal remedy e.g. I purchased Prosoft's Backup 3 (which is somewhat more flexible than Time Machine and backs up to a NAS etc.) and it would not save custom back up settings. Turns out to be due to a problem with disk permissions. Why they become broken is the question. This machine has not had chance to become corrupted by a few months of install/uninstalls etc.

Office 2008 is quite useful although it is slow to load, does not share the ribbon interface with Office 2007 (thank heavens) and does not support VBA which is a problem for us Excel addicts. However I have VMware's Fusion installed and an XP Pro installation working very well which gives me access to all my Windows only favourites (including Office 2003, Visio, Project etc.). VMware has the advantage that virtual machines built in any version of VMware (server and workstation anyway) will run in Fusion. Want to try Ubuntu; download the virtual appliance and off you go. This is amazing and makes the Mac a very useful piece of equipment for inveterate fiddlers like myself.

I look forward to seeing how you survive your Mac only month. BTW I love the new iMac keyboard after learning how to use it, but hate the Mighty Mouse. I use a Logitech laser mouse. Logitech have all the drivers etc. available for the Mac, so you lose no functionality.

So I am back in the Apple camp but still stand by my comments regarding support etc. They are not much better than anyone else. Here's to experience!!

Best regards,

Dr. Peter M. Jackson

I have not had reason to ask for Apple Support, and being me, I do have other resources. My experiences with the Mac have had their annoyances but overall it has been pleasant enough. See this week's columns...

And there are interesting side effects to becoming a Mac User:

Subject: Welcome to the land of mac snobs...

Now that you're running a mac, you'll want to read this...


I fail the sneaker test (5 pairs in 1 year.) I've only bought 1 pair in the past 3 years.


PS: get some sleep. You've been up awfully late recently.

John Harlow, President BravePoint

But I buy my sneakers from Haband, and they are NEVER fashionable...

We have comments on the Kindle and Kindle marketing:

Subject: Thoughts on the Kindle, and DRM


I'm enjoying your commentary on the kindle. For such a simple consumer device, it seems rather polarizing. Some people like it despite its flaws, others pan it badly (and often without even using it). While tempted to give it a try, I find the price a bit high for such an experiment. My other hesitation has to do with the DRM. I know from experience that I rarely reread works of fiction. Since my reading time is limited, I'd rather spend it on something new. Rationally, then, I shouldn't be bothered by the fact that my purchases are always going to be locked up in a single device, available only through Amazon. Why should I care, since I'm unlikely to go back and reread most of what I purchase? And yet it does bother me to be restricted in that fashion. It just feels wrong, at a gut level. Perhaps it comes from hearing too many tales of music listeners who are unhappy about having thousands of dollars in DRM'd music tied up with vendors that they no longer wish to deal with.

As many have pointed out, DRM mainly restricts legitimate users. And yet, if there were no DRM and no copyright enforcement, there would also be widespread piracy, with content creators not getting their fair return. It is easy to have good intentions; it takes a lot of discipline to reach for the wallet when something appears to be free.

I do note that many music labels have now dropped DRM for online music. But the music industry, through the much maligned and hated RIAA, continues to aggressively pursue those who engage in unauthorized distribution of copyrighted works. Perhaps the two are connected? Much as the public may loathe the RIAA and its tactics, perhaps that is the price to be paid for having widely available DRM free music.

I do wonder if an aggressive enforcement approach with eBooks would make publishers more comfortable with dropping DRM? I'd certainly be OK with that strategy if it meant more DRM free content.

CP in Connecticut

I agree that at present DRM seems to cause far more problems for legitimate purchasers than for pirates, and sometimes encourages legitimate purchasers to learn pirate techniques just to enjoy what they bought. Whether that will continue isn't as clear to me as it seems to be to other pundits. I have considerable faith in technology.

Kindle self-publishing

The article link on Kindle publishing in your letter section was quite interesting to a frustrated author.  Kind of like the "Cafe Press" of books.

Their legal boilerplate is here.

As a professional, what do you think of the terms here?  They seem reasonable to me, but I'm far from an expert, and this stuff is awfully dense.  Maybe the SFWA wants to get its two cents in on this.

Tom Brosz

I was running out of time, and asked long time friend and author Francis Hamit to comment. Francis has more experience with Amazon publishing than I do, and I have always found his judgment to be sound.

Kindle self-publishing

Dear Jerry:

I am not a lawyer, but this looks similar to the deal I signed with Amazon Shorts. It is non-exclusive, which means that the author can sell the same work to other distributors in other formats. It requires that a similar price be set, although there is some wiggle room there and I doubt that they much care. "Similar" is a very flexible term. The tax collection provisions in the contract seem to anticipate the V.A.T. problems that have kept Amazon Shorts limited to the USA, but the residence requirements seem to shut out the foreign authors who have added so much to the diversity of that program. Again that may be lawyers at work. They don't want to be sued overseas and lose the advantages that large corporations have under U.S. Copyright Law. (With the declining dollar, I will be hard put to put a price for Euros or Pounds Sterling on those editions of "The Shenandoah Spy". It will change fairly often. It won't be on the cover the way it is on the U.S. edition.)

IMO authors should set the price at what they think their work is worth and not worry about being price competitive. We are not selling oranges here and a cheaper price, as one of your correspondents pointed out, will not make someone buy a book. Each is unique and has its own audience. The best idea is to make a profit from Copy One. That is one reason to use Print on Demand Technology, which now has hardbound as well as trade paperback options.

It is actually easier to publish on Kindle than on Amazon Shorts, which has recently been criticized for its lack of selectivity by some self-professed literati. Shorts has a review process and recently went on hiatus to refine its pipeline. There are over 3,000 items on offer there now. The people in charge there say that Shorts will be sold on Kindle. The Shorts program needs a higher public profile; I still get blank looks when I mention it, or people think I am talking about underwear. Amazon.com did not push it the way they have Kindle.

Kindle, unlike Shorts, takes previously published material and does not even require ISBN registration as you have with other books. That's because Kindle is a closed system. You have to be an Amazon customer to get that format. Palm tried this and it did not work. I would advise against publishing only for Kindle. There are already over 90,000 items in their catalog, so standing out in that crowd is going to depend upon the power of your "brand" (And every author has a certain amount of Brand Equity.) You are not obligated by this contract to do so. You can also format for Adobe and Microsoft Reader, as I did with 66 of my titles. You may not find the return for that effort rewarding in the financial sense.

Anytime you have to convert text to a new format, it takes time and time, as they so often say, is money. Expect a glut of self publishing with a Gresham's Law effect (The Bad drives out the Good). The audience here is undefined. Geek love of gadgets does not translate to mass market success in every instance. The iPod had this because listening to music is a passive activity. Reading takes active engagement on the part of the consumer and reading can be accomplished in self-selected bits. Does Kindle have the equivalent of a paper bookmark?

That said, I may try one or two pieces on it, but getting the print editions of "The Shenandoah Spy" out is the big job right now. That has an official publication date now of May 9th. That was Belle Boyd's birthday. Once we have a cover image finalized there will be preordering available on Amazon.

As I learned a long time ago doing consulting for various businesses, sometimes you have to work the problem through before you really understand how to solve it. I am exploring doing that seminar you suggested. Probably next fall, up in Marin County. One day, if we can make the numbers work and attract the right speakers and sponsors.

One thing is sure; the entire publishing paradigm is changing and someone made an interesting point on the Amazon Shorts boards yesterday. Most self published works fail to attract a large audience, but the same is true of most conventionally published authors. How many authors do we know whose latest work has gone unpublished because their last failed to earn out the advance? It takes three to five novels for most novelists to attract a reputation and an audience and good editing is another thing that the beancounters at major publishing houses have dispensed with. Nothing like paying 25 bucks for a book and finding typos or that a character has changed names in mid-narrative.

In my non-legal opinion the contract is fair and designed mostly to avoid nuisance lawsuits. There is a learning curve with the software I am told, but not a hard one. The royalty is 35%, which is more than you will get from any other publisher, but unless Kindle really does take off, you won't coin huge amounts of money here. Even then, you are competing against all of the material already in the system, so it probably should be another version of something you have in print or otherwise electronically published.


Francis Hamit

Thanks. I have very few short stories but I do have some shorter essays, so perhaps I will give this a try when I dig out from under the loads I seem to be carrying. I am blessed with more than enough to do.

As to my general experience with the Kindle, I continue to like it.

On Operating Systems and some asides

When assigned to Aberdeen Proving Ground as an Army Captain, before the PC, I learned to use "Talk" and "Phone" at a terminal connected to a VAX-11/782, on which engineers conducted weapons design simulations, for me, on what was called the ARPANET (earlier and later called DARPANET). But I couldn't do what those engineers did. I bought my first computer, a Mac 512 Ke, in 1986. But when I arrived in the Washington, DC, area in 1988, I had to learn to use MS-DOS, and couldn't believe how utterly primitive it was. I also had to learn how to use an AT&T Teletype Mod 40 machine, which was more primitive than an MS-DOS computer. But I used to read "BYTE," and saw that you and some others were already going beyond MS-DOS.

Today, I've got both Windows XP and Mac OS X at home. I keep both machines tuned up and maintained. Of course, about 20% of my Windows time is devoted to maintenance: this is the VERY last Windows I will ever own. It'll be Mac all the way (or Mac and Linux).

For about 10-12 years, it was all Windows here at home, because the family wanted it (games, "everybody else has it," etc). I was "away" from the Mac for that stretch. But when I got an iMac for myself in '06 (I hadn't yet tried Mac OS X), I found that it was more "interoperable" with XP than Vista is. I just loaded ALL my files onto CDs and fed them into the Mac. The only items it couldn't read were the "thumbs" (thumbnail views) in each directory, but the Mac does that its own way, so I didn't need them.

Although Unix took some learning (I don't use Terminal, but underneath the GUI, it acts a bit differently, as you've learned), it's NEVER crashed: not once! I always liked the Mac: things just seemed to work much quicker, more efficiently, and much more elegantly.

On the other hand, while doing a Microsoft Update earlier this week on my Dell XP machine, I got the dreaded Blue Screen Of Death (BSOD)! I rebooted, but I again saw the BSOD. Then, into SAFE mode, but forgot that it doesn't connect, although XP worked. Back into regular mode, and it worked, but automatically brought me to a Microsoft browser page in Internet Explorer (I use Firefox) that told me to:

1. Download Dell's Driver Reset and use it, and if that didn't work,

2. Go back to Microsoft Update and see if I can "undo" my last update, or if that didn't work,

3. Put my head between my legs and kiss my butt goodbye.

I used the Dell Driver Reset and it told me that I had no problem. I did it again to confirm.

So, I decided to play with it the way it was to see if there were any other problems. Well, one had certainly developed: I had NO sound!

I pulled out my original Sound Blaster CD, reloaded it, and everything's been fine since Wednesday.

I'm keeping my fingers crossed, but I thought waterboarding was considered to be torture (the BSOD was caused by Microsoft Update)! It seems to me that underneath the GUI, Windows (Microsoft's spaghetti code) is held together by shoestring and bubblegum.

On another note, I also read your "Pearl Harbor 2007" article and LOVED it. Few people really understand the differences (or shall I say "lack of differences") between the then-fashionable Communism and un-fashionable fascism, a rift that you correctly wrote appeared in the 1930s. But as a career Army officer (I'm retired now), I became a Soviet Foreign Area Officer, and had to study the Russian language and the USSR for some 5 years, including grad school. So, I am one who has actually studied Scientific Communism, Marxism-Leninism, and actually read Marx and Lenin in both Russian and English. Your article correctly placed all "sides" in context.

I will have to stop by and visit "Chaos Manor" more often. But I still miss "BYTE," the only computer magazine of its type. It was SO much better than all the others, and to this day still is.

Nick Aleshin
Ellicott City, MD

We all miss Byte. And I certainly miss the money; now I have to rely on subscriptions.

Continuing the discussion of Firewalls. It had gone on a while in private. We can begin here, with a short quote from Rick Hellewell for clarity and Peter Glaskowsky's comment:

>> Mr. Christensen also asked if "a secure https connection protect[s] against man-in-the-middle attacks". All https does is encrypt the traffic between two sites. The MIM hacker over in the corner of the coffee shop can intercept your traffic before you authenticate to the bank site (or even as you authenticate). <<

It's my understanding that if you try to browse to https://www.my_bank.com and the site that responds doesn't have a site certificate issued by one of the certificate authorities your computer already trusts, you'll get an error. Even if the responding server does have a legitimate certificate but the certificate is for a different domain name, you'll still get an error.

You can see this result if you surf on over to https://www.ideaphile.com which is my server, hosted by Verio. I don't have any secure services on that site so I haven't bought my own certificate. The server responds to the https request and provides a legitimate but generic certificate. Your browser should complain that the site name on the certificate doesn't match the site name it was requesting. That would be your clue not to proceed with any secure operations.

The result is that man-in-the-middle attacks are prevented as long as the user knows not to ignore the warning and to look for the lock icon or other symbol that indicates a successful secure connection. All the attacker can get is the user's original "GET https://www.my_bank.com" request, which isn't useful.

On the other hand, if the user accepts the connection in spite of the warning, the attacker can then establish a separate encrypted connection to the user's site of choice and make it look like they're using it directly.

So the lesson is that https can provide effective protection if properly configured, and users need to be trained to look for the signs of good and bad security before revealing personal information.

. png

Rick Hellewell replied:

re: png's comment about SSL:

Suppose that the "clueless user" is in a coffee shop, and the "evil hacker" is over in the corner pretending to be the coffee shop's wireless access point. The hacker has set up a login page that looks like the shop's access point (although there doesn't have to be a login page, since the shop has set up an open wireless network). The user walks in, fires up the computer, and connects to the evil hacker's access point. The hacker passes through all traffic from the user through his "access point" to the shop's access point. The user gets a connection to the Internet, not knowing that his traffic is being monitored by the evil hacker.

At this point, if the user accesses his bank login page via a secure connection, the traffic between the bank and the user will be encrypted (as if the user had connected to Peter's secure site). Although the hacker can capture the traffic, it will be encrypted. The hacker is the 'man-in-the-middle', but there is no advantage to the hacker (yet).

Now suppose that the evil hacker has created pages that look just like the bank's web pages, and is hosting those pages on his evil computer. He has created a valid certificate for his evil site. Now the hacker can watch for a connection request by the user to the bank's web site. When that happens, the hacker sends a TCP reset to the bank, and sends the evil hacker's bank web page back to the user. The user logs in via the evil login page, the hacker grabs the credentials and forwards them on to the bank, gets the response back from the bank, and sends a copy of the response back to the user. The user thinks that they have successfully logged into the bank's site.

The user has got a valid encrypted connection to the evil hacker bank. Since the hacker bank has a valid certificate, the user sees the 'lock' in his browser, and assumes all is OK. The hacker takes user traffic and forwards it to the real bank, and forwards bank traffic back to the user (while grabbing any important information for later use).

Traffic from user to hacker is encrypted. Traffic from hacker to bank is encrypted. Hacker has access to unencrypted traffic.

Now we have a good 'man-in-the-middle' attack, and the user is none the wiser. The user would need to inspect the hacker's SSL certificate to determine that the certificate didn't really belong to the bank.

Or a variation: once the hacker has faked the login page, and authenticated the login with the bank (although that is not even required), the hacker could show a page to the user that requests that the user install a little program to 'enhance' his access to his bank site. Of course, that program is actually a keylogger, or even the bank trojan discussed in my previous discussion. Once again, the evil hacker has control of the user's traffic -- his bank login information, for example.

A firewall will not protect against these types of attacks. "Safe Computing Practices" (in this case, not doing banking transactions at a public wireless spot, and not installing helpful little programs) will help protect the user. Along with all the other SCP's.

Regards, Rick Hellewell

This discussion gets highly technical. Managing Editor Brian Bilbrey noted, in response to the suggestion that valid certificates for invalid sites would not generate warning notices:

Yes, there will [be "'bad certificate' messages popping up to alert the user"]. Look at the certificate next time you connect to an HTTPS site that doesn't issue warnings. Here's one:


I executed this test using Internet Explorer 7 (under XP, in VMware).

Click on the lock icon, and view the certificate. Click on the Certification Path tab. Observe that the certificate trails all the way back up to "VeriSign Class 3 Public Primary CA". That corresponds to a root certificate that you got FROM Microsoft when you installed the OS, or when you installed the root certificates optional update. WITHOUT that root certificate, there would be no verification of the certification path, and the SSL cert would not validate properly, period.


And Peter Glaskowsky closes with:

Truly, there will be warnings.

Unless the certificate goes back to a root CA installed on the machine, the browser will complain.

The user doesn't have to catch it, the browser does.

You're right, however, that a firewall doesn't help with this problem or many other security risks. My personal pet peeve is the continued support for insecure POP3 and SMTP, which is probably the easiest way for someone sitting in a Starbucks to swipe valuable passwords.

Also I'd like to see ISPs offer VPN connectivity to all customers when away from home, and I'd like to see laptops configured by default to refuse to send traffic through non-WPA access points unless a VPN is active.

Who the heck designed the Internet, anyway? What were they thinking?

. png

The best protection against being exploited is to develop good habits. There is no real protection from operator carelessness. Be careful out there. Here there be monsters.
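The two checks described in this exchange (the certificate must chain to a root CA already installed on the machine, and the name on it must match the site requested) can be reproduced offline with the openssl command line. This is an added example, not part of the original letters; every host name, CA name and file below is constructed for the demonstration, and `browser_check` is a hypothetical helper name.

```sh
#!/bin/sh
# Constructed offline lab: all keys, certificates and host names are made up.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_root DIR NAME: create a self-signed root CA (NAME.key / NAME.pem).
make_root() {
  cat > "$1/$2.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed root $2
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$1/$2.cnf" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_leaf DIR ROOT HOST OUT: server certificate for HOST, issued by ROOT.
make_leaf() {
  printf 'subjectAltName = DNS:%s\nbasicConstraints = CA:FALSE\n' "$3" \
    > "$1/$4.ext"
  openssl req -new -newkey rsa:2048 -nodes -config "$1/$2.cnf" -subj "/CN=$3" \
    -keyout "$1/$4.key" -out "$1/$4.csr" 2>/dev/null
  openssl x509 -req -in "$1/$4.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days 2 -extfile "$1/$4.ext" -out "$1/$4.pem" 2>/dev/null
}

# browser_check ROOT_PEM HOST CERT_PEM
# Succeeds only if CERT chains to the trusted ROOT *and* is issued for HOST.
browser_check() {
  openssl verify -CAfile "$1" -verify_hostname "$2" "$3" >/dev/null 2>&1
}

make_root "$WORK" trusted   # stands in for a root shipped with the OS/browser
make_root "$WORK" unknown   # a root this client has never installed
make_leaf "$WORK" trusted www.my-bank.example bank       # the real site
make_leaf "$WORK" trusted shared-host.example generic    # valid chain, other name
make_leaf "$WORK" unknown www.my-bank.example lookalike  # right name, unknown root

# The client asked for www.my-bank.example; test each certificate it might get.
for c in bank generic lookalike; do
  if browser_check "$WORK/trusted.pem" www.my-bank.example "$WORK/$c.pem"
  then echo "$c: accepted, lock icon shown"
  else echo "$c: rejected, certificate warning shown"
  fi
done
```

Only `bank` is accepted. `generic` fails the name check even though its chain is valid, and `lookalike` fails the chain check even though its name is right; `generic` does validate for its own name, which is why the lock icon alone says nothing about which site is on the other end.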

And here is Peter Glaskowsky on Mac OS X Time Machine:

Ron Morse wrote:

> Does Time Machine back up everything, or just the directories that contain user-specific settings and data?

Time Machine makes a complete backup of the computer, including all attached hard drives if desired (with some limitations; it won't back up my Boot Camp partition, and I have to log out of my main account to get that backed up since Time Machine can't work on FileVault-protected home directories). The backup disk becomes a hierarchical collection of date-stamped directories rather than an ordinary bootable disk, but it can be used to restore the original disk by booting the system from the Leopard install DVD.

Personally I also like to make periodic backups in the form of encrypted disk images. Those are easier to use manually, and easier to archive to offline hard disks and DVD-R disks for long-term protection.

Time Machine is definitely a 1.0 product right now-- arguably 0.9 since some of the planned features didn't make it in, such as encrypted backups-- but it's still pretty slick and useful.

. png