Dr. Jerry Pournelle


Computing At Chaos Manor:
December 8, 2008

The User's Column, December, 2008
Column 341, Part 1
Jerry Pournelle jerryp@jerrypournelle.com
Copyright 2008 Jerry E. Pournelle, Ph.D.

The economy outside is frightful, but our machines are so delightful...

A number of readers have asked about career paths in a recessional economy. I suppose I should be flattered, but in fact I'm really no expert on this: I haven't had a salaried job since I was Deputy Mayor of Los Angeles in 1969. (Actually I had the title of Executive Assistant to the Mayor and Director of Research, but my old position is now called Deputy Mayor, which sounds better and is much shorter.) Prior to that I was a professor at Pepperdine and before that I was in aerospace. All those professions - aerospace engineering, academia, and political management - have changed so much that I have little understanding of how they work now. I'm not at all sure who does know.

When I was in aerospace there were many funded projects. I managed two hundred million dollar projects before I was thirty years old. Every competent operations research engineer was pursued by headhunters trying to get him (or, I suppose, her, although I didn't know any women operations research people in the 1950's) to take a 20% or more salary increase to change jobs. As long as you could do the work you had no problems finding work to do. I developed some skill in writing resumes, but in truth it didn't take a lot of skill to get a new job offer. It's a bit different now, and my advice on career management would be useless.

Clearly there's no point in my writing about academia or politics as a career. My time in those was brief - about a decade - and both professions have changed beyond recognition.

Since the early 1970's I've been a full time writer of science fact and fiction. I got into computer journalism/column writing at a time when computers were new, and my readers were as much hobbyists as users; indeed, the title of my column was "The User's Column" and reflected my view that you didn't need to be a computer geek to get some work done with these machines. Some of us just used them. Of course I loved them too...

I learned to do some programming, mostly in Commercial BASIC (a well structured compiled BASIC) and FORTRAN, but I also learned Pascal, Turbo Pascal, and Modula-2, and I wrote some programs that I use to this day. I also learned enough about C to be certain that C Programs would be difficult to debug and maintain and I would never want to be a C programmer. Of course the hardware available in those days was very limited, and C, which was only one step up from an Assembly Language, was much faster both in compilation and in run times than everything else. So long as the hardware was limited it was obvious that "real programmers work in C", and I sure wasn't interested in that. Besides, most computer geeks couldn't write, and the magazines were discovering that it was easier to teach writers to understand computers than to teach computer engineers to write. I could already write, and I learned fast...

The result was that my work experience has been pretty much confined to the publishing industry, so I am hardly the person to ask about career paths outside that - and I sure don't recommend that you consider changing to either publishing or journalism just now.

Journalism is notoriously in trouble. The Los Angeles Times has been cutting editorial jobs, and more than one editor has resigned in protest without much effect. There are a lot of journalists working for various web sites, but I don't think many make a living at that - and there are a lot of former print journalists, some fairly well known, looking for ways to make money. I have noted that the science press corps gets smaller every time there is a major event, and many of the people I see at science events are normally assigned to some other beat and have been sent to JPL or AAAS meetings because there's no one else. Bob Thompson tells me that CNN eliminated its science and technology staff last week. I am sure there are career paths in journalism, but nowhere near as many as there used to be, and I'm not likely to be much help in finding them.

The publishing industry is no better off: it's contracting. (NY Times link - registration req'd.) Random House and Simon and Schuster - I've had best sellers published by both houses - have laid off many people and are reorganizing to cut costs. They're calling December 3 Black Wednesday.

There's discussion of publishing industry problems in every author association I hang out with. This isn't the first sign of trouble in the publishing world; it's been going on for years since the paperback book distribution business imploded, so publishing was already contracting before the real estate bubble collapsed and brought most of the economy down with it. Publishers have always recruited most of their editors from recently graduated English majors willing to live four to a room on a fifth floor walkup; they claim that it takes a couple of years experience before they learn enough to be useful. Whether that's true or not is irrelevant because there's never a shortage of young men and women eager to live on the miserable starting salaries publishers pay.

Moreover, over the past couple of months several publishing houses have ceased either to hire new editors or to look at new submissions. With a few notable exceptions, advances are way down for just about everyone. Established authors are probably all right provided they are productive, but I'd sure hate to be breaking into the writing racket just now.

Of course we all have very powerful computers. We also have some pretty good writing and publishing software, both commercial and open source. It has never been easier to write, edit, and publish words, videos, music, and software.

Some authors are experimenting with self publishing. My friend Francis Hamit, a journalist but by no means a computer geek, has worked with Amazon, and has started his own "publishing house". He continues to write. One of his works, The Shenandoah Spy, a Civil War novel about the very real lady known to most of us as "Belle Star", is self published, and Hamit continues to experiment with new ways to promote his works. You can see part of the story at this link, and a Google search on Hamit for my web site www.jerrypournelle.com will show much more. If you're at all serious about self publication, I strongly advise you to look up what he's had to say about it. There's a lot and it can save you time and money.

Some publishing houses are turning more heavily to eBooks as the paperback distribution system collapses, but at the moment eBook revenues to authors are pretty small compared to what we get - and especially compared to what we used to get - from paperback royalties. We can hope that eBooks can cover at least part of what writers have lost as the print publishing industry teeters.

If all that hasn't discouraged you and you still want to get into the writing business, the best start I know of is with an essay I wrote years ago, and which is available on my web site.

PC Magazine Goes Online Only

PC Magazine has gone all-digital; there's a good editorial about that from my old friend and associate Michael Miller. Byte went through that a decade ago. We managed to continue a few years after ceasing print publication, but eventually BYTE faded out; I hope PC Mag does better.

PC Mag had a big effect on my journalism/columnist career although I never wrote for the magazine. The first time was about a year after its founding: in those days I didn't have a contract with BYTE although they expected monthly columns and reviews. The regular columnist at PC Mag was Peter Norton; it was monthly in those days, and Peter had not yet become rich and famous from Norton software.

PC Mag decided to go bi-weekly, and Norton, who was starting his software company and writing Norton Utilities, declined to do a column that often. He suggested they get me to alternate with him. Since I didn't have a contract with BYTE that seemed reasonable - in those days the computer industry was changing so fast that it was no problem finding things to write about - so I called BYTE and asked how they'd feel about my continuing my BYTE column but also doing one for their biggest rival.

"We'd hate that," said BYTE.

"But they're offering me a lot more than you're paying me," said I.

A couple of days later a contract appeared in the mail. It offered better than double what they'd been paying, plus some expenses, but I couldn't do columns for anyone else. I signed it immediately. I really liked writing for McGraw Hill, whose legal staff more than once intervened when someone threatened to sue me over a bad review of something they made. McGraw Hill legal insisted I be able to prove what I said; they'd take it from there. Otherwise I had no publisher direction whatever. McGraw Hill required and enforced complete editorial independence from sales. It was a great time to be a computer columnist.

A few years later PC Mag made me another offer for considerably more money, and when I showed it to BYTE they beat the PC Mag offer by 10%. I was glad of it: I really liked working with BYTE and giving the Best of Comdex Awards and all the other stuff we did. Those were the days when computer magazines made money hand over fist. I wish PC Mag well in their conversion to on-line only.

Where are we going?

If I had a real working crystal ball I wouldn't have to work so hard, but some things are pretty clear. I've said much of this before, but it bears repeating.

The economy will recover. We still have the tools and an educated populace flexible enough to change jobs. It's going to take a while, and we are likely to experience some wild inflation - more than likely, given how everyone wants a bailout at a time when the budget deficit is at an all time high - but the economy will recover. The trick is to survive during the dry spell, and for that it's important to take stock of the situation.

First, our hardware is a lot better than our software. The hardware we have or can get today can do enormously more than it does - and there are a lot of things we all wish our computers would do for us. This is clearly a great opportunity not only for software publishing houses, but also for programmers either working individually or in small teams. Now of course it's easy to say "Write a really popular computing program and you'll do well," just as the best advice I can give aspiring authors is "Write a best seller." The devil is in the details.

I get a lot of email from programmers asking if they should write some particular program, and I have no real basis for an answer to that, just as editors have no notion of what will sell well. My favorite example of this is the Thomas Covenant series by Stephen Donaldson. Several of the books became best sellers, but I can imagine Donaldson going to an editor to say "Hey, let me pitch you a series about an anti-hero who's got leprosy!" Most editors ran for their lives, but Lester Del Rey bought it, and every editor who turned Donaldson down was kicking himself.

In other words, neither I nor anyone else really knows what's going to catch on. The best advice I have is to think things through: does your program do something that a lot of people want it to do? Realistically, how much will it cost you to write it; include lost opportunity costs? Have you got anything better to do? Will writing this keep your skills up to date so that if you do get a good job offer you'll be ready to go right to work? That latter is fairly important.

If you do write something you think may be valuable, go look up the latest books on intellectual property - O'Reilly publishes several of them. Be sure to get the latest, and more than one is better - and go through them carefully. If you think your stuff is really valuable you might want to get some legal advice, but let me warn you, intellectual property law is very tricky, and most lawyers not only know almost nothing about it, but worse, many of them think they do. Worse, intellectual property law varies depending on what property is being protected. Ask around before paying for legal advice.

One reason authors tend to work with established publishers is that even though publishers often know less about copyright law than they think they do, most do have access to people who really know the stuff, and they often have need of them. Protecting yourself from piracy - and I don't mean just casual piracy, but actual legal theft of your rights - isn't easy; as I said, that's one major reason most authors stick with established publishers, who have legal departments as part of the cost of doing business. It's a cliche to say it's a jungle out there - but many cliches are derived from truth, and that one most certainly is.

Getting Out of the Domain

Back in 1999 I set up the Chaosmanor domain with Active Directory on two machines running Windows 2000 Server. I knew at the time that I didn't need that complex a network, but a number of my readers did. In those days networking was hard, Active Directory was new, and many of my associates were curious about how well it would work. At worst this was another of those silly things I do so you won't have to.

Actually, it worked pretty well. Windows Server 2000 with Active Directory had some infuriating requirements, and it really wanted everything done precisely its way, but from 1999 until this year it served me well. When Windows Server 2003 came out I was tempted to upgrade to that, but there was never any powerful reason to do so, and as time passed it seemed less attractive. I had novels to write and other work to do. I was able to try several Linux-based on-line backup systems - Mirra was one of them - and those worked just fine. Of course machines were getting better, and my old servers were getting more obsolete each year.

Then one of the servers died. The network didn't really notice that (barring that I had to change some IP addresses), but now I had a single point failure source that could bring down my entire system, and it was time to think about what to do next. Unfortunately that was when I began to develop symptoms that were at first diagnosed as degenerative arthritis, and got worse from there. Eventually it was discovered I had a growth - in future I'll call it The Lump - in my head: and one of the symptoms was a distinct reluctance to undertake new projects.

Last spring two things happened. They put me into an intense X-ray treatment program, and I got a new iMac 20, MacBook Air, and MacBook Pro, with some powerful incentives to look into the Mac world and consider a switch from PC to Mac.

I did some things with the Mac, including installing Windows XP running under VMware Fusion - and I managed to get the Mac to talk to the Active Directory as a Mac, and the XP running as a Mac application to talk to the net as a Windows machine. It wasn't easy, and Active Directory made it harder, but it did work. On the other hand, it was quite clear that Windows 2000 Active Directory didn't like Macs and didn't like the way Macs networked; while the Mac OS X loathed Active Directory and actively fought becoming part of it.

The Macs and the PC's really didn't like to communicate with each other but from about January to July of 2008 I was running pretty well on autopilot. If I could come up with a kludge that would keep things working I'd use it, but I wasn't up to a close examination of my network, much less deciding on a systematic remedy to my problems.

About August I came up for air. Most of my worst symptoms were gone, and in September the Kaiser medical team determined that The Lump was indeed gone, and there were no signs of any cancer left in my system. The radiation had worked - and I was getting my sense of adventure back. I was ready to make changes in the system.


I had a number of choices. One would be to start up a new PC running Windows 2000 Server. It wouldn't be that hard to set up, and the two servers would back each other up. In other words, keep the Chaosmanor domain and Active Directory.

Second choice, and the one I had intended back before the Lump laid me up, was to set up a Windows 2008 Server and transfer the Chaosmanor domain including Active Directory to that.

Third choice was to nuke both the domain and Active Directory and move all my machines to a workgroup. I could then, if I wanted a backup server, add Microsoft Home Server to that. Home Server works well with a workgroup and doesn't need a domain.

Fourth choice was to install Clark Connect, www.clarkconnect.com which sets up networking on a Linux box. I could use one of the spare machines. Phil Tharp, who has both Windows and Mac systems networked (and changes his network setup frequently) uses the Clark Connect system and for him it works flawlessly. He has offered to help get that running here.

My inclination was to the first choice, but my advisors all hooted at me. I have no need for an Active Directory domain network, few of my readers use anything like that, and it is slowly deteriorating; "That way lies madness," said Peter Glaskowsky, and after some discussion I decided he - and the others - were right.

I had missed the window of opportunity on the second choice. Back about a year ago Alex Pournelle, Eric Pobirs, and Dan Spisak had to learn Windows 2008 Server, and were eager enough to do it that they offered to come here and set it up for me. Alas, that was when The Lump was working its dismal magic to rob me of any courage or sense of adventure, and I let the opportunity get past. I could probably bully one or more of them into coming to do it now, but their very reluctance was a message: the benefits weren't all that great, and it wasn't all that easy. Windows 2008 Server remains a possible choice, but one I think I will never make. It's quite suitable for a large establishment, but I'm trying to make mine smaller...

Choice four, a Linux system running Clark Connect software, remains a future choice, and I suspect it's one I'll take one day, but at the time it seemed more complicated than the third choice. Besides, I'd have to nuke the domain and Active Directory whatever I did, so the obvious thing to do was bite the bullet and get to it; and in theory at least setting up a workgroup would be simple.

Network Workgroup Essentials

My experience with Windows Server 2000, the Chaosmanor domain, and Active Directory made me believe that I knew something about networks. It turns out that everything I thought I knew about networking is wrong. Fortunately my misconceptions didn't prevent me from getting rid of the domain and establishing the workgroup. I will include as an appendix to this column a discussion among my advisors detailing the reality of networking, and those who really want to know can read it; but since I managed to get things working despite my misconceptions, you don't really have to.

There are several essential elements to networks. First, of course, are physical connections. That's no problem here. We have Ethernet lines all over the place. Secondly, you need some way to assign an address to every machine on your network so that when you go out to the Internet the places you visit can find you. The usual way to do that nowadays is with a DHCP controller. That's a gizmo that assigns unique IP addresses to each machine in the network. Something must also do DNS (Domain Name System) which means keeping track of what computer name goes with which computer, so that if you try to connect to Satine from Emily everyone knows which machines you are talking about. I suppose it might be possible to hard code all this, but I have no idea of how. It's simpler to use DHCP and DNS. (A more correct explanation of that is in the appendix; this will do for the moment.)

Windows has the capability to do all this: you can have one machine become the Master Browser (see this link). There are wizards built into Windows that are supposed to make this easy to do. I say supposed, because I have never done it, and I'm not likely to. One problem with doing it this way is that the usual practice is to have your Master Browser machine connected directly to the Internet, and that's a poor idea. There are just too many security risks despite all the efforts Microsoft has put into building firewalls and other security software.

The fact is that it's very difficult - I'd say impossible - for a system to protect itself with software. Far better is to have a hardware device that does the protecting. Those devices are called routers. They're cheap, and most of them are easy and simple to set up. We use the D-Link Wireless Gaming Router D655. D-Link comes with some of the best documentation I have ever seen. Alas, sometime in the past few years, D-Link stopped putting printed copies of that documentation in the box: it's all on the disk with the installation software. The good news is that installation is all pretty simple.

Let me emphasize: if you have a computer connected directly to the Internet, the chances are pretty good that it has already been compromised. Get a router even if you have only one computer and don't contemplate networking it with anything else. Once again I recommend D-Link as being both reliable and economical.

Incidentally, I know that you can use a Windows system and aim that machine at a router, thus providing router security; but since any decent router knows how to do everything you need done to set up a workgroup, and is likely to be better at doing it than Windows will be, it's rather pointless to do it with a user's machine. Better to let the router do it all. Of course you could always use a router, then a Linux box running something like Clark Connect (making it what amounts to a second router) for even better security. That's another story, and one we won't get into this month. And again, see the appendix to this column for more.

Project Workgroup

I had originally thought to include step by step instructions on how to set up a Workgroup Network by going through all the things we did, but that would take forever, and besides, the instructions that come with the D-Link Router are likely to be good enough. I did learn a few things you may find useful.

First, be very careful to understand that when you change a computer from a domain to a workgroup, the domain user - which may be the user name you have logged in with! - vanishes. That user exists only on the domain, and when you take the machine off the domain, it will not remember that there ever was such a user. If you still have the domain server, you can, painstakingly, turn on the domain server and then put the computer back into the domain and restore that user, but it won't be easy. If you've already set up a router to assign addresses and names, the domain server and your network system will fight to see which one does what, and you'll have an unholy mess. Believe me. It happened here.

Therefore: Before you remove your computer from the domain, make very certain that you know how to log on to the machine as the local Administrator. Every computer has an Administrator account, but you may not know the password. In the case of an older machine, the odds are very good that you don't know the password even if you think you do. I certainly didn't know it for all of mine.

The proper procedure is that while your domain exists, try logging on to each machine as the local - not domain, but local - Administrator. If you can't log on as local administrator, use the domain to get in as an administrator, and change the local Administrator password to something you have written down. Then test it.

If you are logged in as anyone but the local Administrator and use Control Panel - Administrative Tools - Computer Management - Local Users and Groups - Users and then right click on local administrator and choose set password, you will get a strange warning message that changing that password may cause irretrievable loss of data. Unless you have been using the local Administrator account as a regular account, you can entirely ignore this message. Even if you have, it's not terribly likely to have any real meaning. It is possible that you have used the Local Administrator user account to store encryption keys or something of the sort, in which case you may have a problem; but otherwise it's most likely irrelevant. If it worries you and you have an alternate way to log back on, log off and try to get on as local Administrator. If you can't, it hardly matters that you may irrevocably lose some data. Go ahead and change the password unless the threatened data are really and truly important; and if you have no idea what those threatened data are, then it's exceedingly likely that ignoring that warning will do no harm.

Do note that if there really are data you can't afford to lose under the local Administrator account, there are ways to blank out the local Administrator password and gain access to the account. It takes a Linux program, and I'll have more to say on that later; but for most of you, there is nothing to lose by changing that password. In any event it is very important that you be able to log into your system as the local Administrator, and until you can do that, do not take your system out of a domain. And once again, note that this doesn't apply to most of you, who won't have a local domain network to begin with. On the other hand, you certainly will need to be able to log on as the local administrator.

When you can log on as local administrator, do that, go to networking, and put your machine in the Workgroup, thus removing it from the domain. (This is generally done in the Computer Name command window. There's a wizard.) When you do that, your older user account will no longer exist. All the settings files will remain, but the account is gone. Of course if you were never part of a domain to begin with, none of that applies.

Now go to Control Panel and networking and make certain that your system gets its IP address and DNS server "automatically". You do not want those hard coded in as you might have done when the system was in a domain. If it is a new machine that hasn't been networked before it's unlikely to have been hard coded; but if you have real problems with your new Workgroup, go look there. That's probably the difficulty.

You must now go to Control Panel, Administrative Tools, Computer Management, Local Users and Groups, Users, and create the account you will normally use to access the computer. The simplest thing to do is to use the same user name and password for all the machines, but of course that only really works if you're the only one who'll be using them. In my case this is likely, but it probably won't be for you. Most people have multiple machines because there are multiple people using them. One user, at least one CPU. But if you are going freely to transfer files between and among the machines, you're going to have to know a user name and password for every machine. There are alternatives, such as sharing only certain folders, and restricting certain users to certain privileges, but that gets complicated, and is the main reason for taking the trouble to install one or another version of Windows Server.

Before logging out as local Administrator, go to Groups and put your new user account into the Administrator or Power User group, or whatever group you feel comfortable with; given Vista's aggressive security features you may find that you have to run as administrator lest you go stark raving mad, but that depends in part on what you do with the machine.

Now log in as the usual user. Set up sharing. That's different for Windows and XP - Microsoft seems to delight in changing the way these things are done, and also does this differently for domains and workgroups. Do understand that if a disk drive is not set to be shared, no other machine will be able to get at that drive. You don't have to share an entire drive; it's possible to share one or more folders within the drive if that suits you better.

Now look for other computers on the network. Try to log on to one. If you have used the same user name on several computers, Vista will infuriate you by saying you can't use that username. What it really wants is \\DISTANTCOMPUTERNAME\username. In Vista you can map a shared network drive by going to Computer, and up on the tool bar find Map Network Drive (if you routinely open Computer in a narrow window it won't be there; expand the window to see it). After that it's a simple operation, and the Browse feature will often find computers that the Network Window did not see. I have no idea why, and Microsoft doesn't seem to know either.

Workgroup works, and you can transfer files between and among machines. It's fussy, and sometimes you have to reconnect complete with Username and Password; I don't know what causes the systems to forget. They just do. Also, Vista machines have far fewer problems seeing and remembering other Vista machines than they do XP and Mac OS X systems. Once again I don't know why.


One major tool for dealing with networking is the command window (Start -> Run: cmd). There are many possible commands, including the very useful ipconfig. Ipconfig /? will give you examples of what the program can do. In particular, ipconfig /all will give you considerable information about the networking settings of your machine, while ping (computername) will tell you if this particular machine can see the named machine. If it can't, your network will need adjustment.

When dealing with networks you often have to reset the machine, or log out. Sometimes, though, there's a simpler way to reconfigure the IP address of the machine. The command is ipconfig /release, which will hit the machine over the head so that it no longer remembers its address and other networking information. You then do ipconfig /renew, and it will go out to the DHCP server (router or Master Browser) and get new address data.

However, with Vista there's a trick to using ipconfig /release: you may get a message that says this requires elevation. That conjures up a number of pictures for me, and reminds me of a 15th Century Parisian sermon delivered in the Notre Dame, in which the preacher exhorted the congregation to refrain from fornication during the Mass, or at least not during the Elevation. What Windows Vista means by elevation is that you must run the command window as administrator - and it doesn't matter if you are logged on as Administrator either!

To run the command prompt window as administrator, you must first be able to right click on the command to launch it. Since Vista hides both the Run and Command Window commands by default, it can take some digging to find out what to do. To get at the Command Prompt you need to open C:\windows\system32 and find cmd.exe. Right click on it to pin it to the start menu. Now you can open it with a single click without having to go through run - or you can right click on it, and when the menu pops up select Run as Administrator. That is what elevation means, and now if you do ipconfig /release it will do just that. If, after ipconfig /release and before /renew, you do ipconfig /all and your system still has an IP address, you may be sure that something is hard coded, and you'll have to do something about that. (Bob Thompson says "Rather than 'hardcoded' I'd say something like 'this machine has been assigned a static IP address rather than configured to obtain a dynamic IP address from a DHCP server'," which is certainly a more accurate way to put it.)

There is a way to set the Command Window so that it always runs as Administrator. There is also web chatter about the wisdom of doing that. I won't get into that argument, but I choose to run the Command Window without automatic elevation. More on this is appended at the end of this column.
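The static-address check described above (an address that survives ipconfig /release) can be run over saved `ipconfig /all` output from each machine. The following is an added example, not part of the original column: a Python parser that lists adapters with DHCP disabled, along with the DNS servers that were set by hand. The sample output is constructed, and the field labels assume English-language XP or Vista output.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` text, as it might look after
# `ipconfig /release` on a machine that used to sit in a domain.
SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : EMILY
   Node Type . . . . . . . . . . . . : Hybrid

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Example Gigabit Controller
   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 192.168.0.50(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.10
                                       192.168.0.11

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Example Wireless Adapter
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.17.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
"""

# "   Label . . . . : value" -- the separator colon always follows a dot or
# a space, which keeps IPv6 continuation lines from being read as fields.
FIELD = re.compile(r"^\s+(\S.*?)[ .]+:\s*(.*)$")

# XP prints "IP Address", Vista prints "IPv4 Address".
ADDRESS_KEYS = ("IPv4 Address", "IP Address",
                "Autoconfiguration IPv4 Address", "Autoconfiguration IP Address")


def parse_ipconfig(text):
    """Return {section name: {field label: [values]}}."""
    sections, current, last = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():          # unindented line opens a section
            current = sections.setdefault(line.rstrip(": "), {})
            last = None
            continue
        if current is None:
            continue
        match = FIELD.match(line)
        if match:
            last = current.setdefault(match.group(1), [])
            if match.group(2):
                last.append(match.group(2).strip())
        elif last is not None:             # extra value of a multi-line field
            last.append(line.strip())
    return sections


def usable_ipv4(fields):
    """IPv4 addresses on one adapter, ignoring 0.0.0.0 and 169.254.x.x."""
    found = []
    for key in ADDRESS_KEYS:
        for raw in fields.get(key, []):
            try:
                addr = ipaddress.ip_address(raw.split("(")[0].strip())
            except ValueError:             # IPv6 with zone id, or junk
                continue
            if addr.version == 4 and not (addr.is_unspecified or addr.is_link_local):
                found.append(str(addr))
    return sorted(found)


def still_addressed(text):
    """Adapters that still hold a usable address (run on post-release output)."""
    return [name for name, fields in parse_ipconfig(text).items()
            if usable_ipv4(fields)]


def static_adapters(text):
    """Adapters with DHCP off and an address set, plus their manual DNS list."""
    findings = []
    for name, fields in parse_ipconfig(text).items():
        dhcp = (fields.get("DHCP Enabled") or [""])[0].lower()
        addrs = usable_ipv4(fields)
        if dhcp == "no" and addrs:
            findings.append({"adapter": name, "ipv4": addrs,
                             "dns": fields.get("DNS Servers", [])})
    return findings


if __name__ == "__main__":
    for item in static_adapters(SAMPLE):
        print(item["adapter"], item["ipv4"], "DNS:", item["dns"])
```

The DNS list is worth reading as well as the address: a machine that still names the retired domain server as its DNS server will keep asking it for names after the router has taken over.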

Connecting Macs to the Workgroup

The main reason I abandoned the older domain system to set up a workgroup was that the Macs and Active Directory had a relationship of mutual loathing. Fortunately, once a workgroup is set up and the Mac is part of it, connecting to individual drives and computers in your workgroup is pretty simple; but it does have to be done the Mac way, and Mac OS X has what in charity I will call idiosyncrasies.

The simplest way is if the Mac shows you the other machines in the SHARED section of the Finder window. For reasons incomprehensible to me, sometimes all the machines in the workgroup appear there. You can click on one of them, it will try to connect, and either it does connect or it fails; if it fails you then tell it to 'connect as', and type in the Username and Password for that machine. That works and you're done.

Alas, sometimes those machines do not appear in the SHARED section of the Finder. This morning, for example, I turned off - literally turned off - every machine in the house, including all the Macs, all the Vista machines, and all the XP machines. Then I brought them all back up. Everything looked great! The Vista machines saw all the other Vista machines, all the Macs, and all the XP machines. Connecting was a snap.

Moreover, the Macs saw both Vista and XP machines. They appeared in the SHARED section of the Finder window. I cheered and began writing this column. A couple of hours later I looked at the iMac 20 - and the only entities in the SHARED section of the Finder window were the other Macs and the Time Machine. The Windows systems, both XP and Vista, had vanished. I was ready to panic. Indeed I did panic, and told the Mac to turn itself off. I brought it back up. Nope. The SHARED window of the Finder contained only Macs and the Time Machine. It was as if the Windows systems no longer existed. Note that none of those machines had been turned off or reset. Nothing had changed except that time had passed.

I managed to overcome my rage and panic - equal parts of each - and went through my notes, where I discovered how I had connected the Macs to Windows machines in the first place. Open a Finder, then do "command-K". That's the "splat" key and K simultaneously. It brings up a window that can be used for many things, but in this case it's a Samba window.

Now you can type in the name of a computer that's in the workgroup, in the form SMB://SATINE (assuming you have a machine called Satine in the workgroup). Fill in the user name and password that you're connecting to that computer as, and then you'll be able to mount a shared disk or folder or other asset.

I did that on the iMac 20, and Lo! there was no problem. The network appeared. I could connect to any asset on it. All was well. Then I realized there was a browse window, and several machines appeared in it. Alas, Emily was turned on and is part of the workgroup - but didn't appear in that browser window. However, typing in SMB://Emily got a dialogue window asking for user name and password, and that connected - after which Emily was in the SHARED list. Mysterious, but it works.

Meanwhile, most of the network items had vanished on Emily, the Intel Quad Extreme system that's my main "everything but communications" system. They had been there earlier in the day, and once again the machine hadn't been turned off. Now the only machines visible were the Vista systems. No XP machines. I couldn't see the ThinkPad t42p laptop that I use for fiction up in the Monk's Cell. No Macs, even though the iMac 20 was connected to Emily. Just Vista machines. I ground my teeth.

However, in the Network folder in Vista there is a symbol that looks a bit like a pair of circling arrows, which forces a refresh. Clicking that restored the network. The machines suddenly were all visible, and I could connect to them, although some of them did require that I give a user name and password - but once given that was remembered.

The Happy Ending

A few things remain. LisaBetta, my wonderful but aging HP Compaq t1100 TabletPC, is not dead but in a coma, because I removed her from the domain, but I did not first test my ability to log on as local Administrator. I thought I knew the password. I did not. I can turn LisaBetta on, but I can't log on in any way. Fortunately that's repairable.

A reader has sent me a Linux utility boot disk which will in theory revive her, and I have a number of leads to other web sites from which I can download Linux plus utilities to the iMac 20 and burn a disk image, which will boot LisaBetta into Linux and let me run a utility that will null the Administrator password. (This is what the disk my reader sent me does, and of course I'll try that one first; but I owe it to you all to try downloading and burning for myself as well. I confess that I encouraged my reader to send me the disk just in case my courage failed me. I do seem to be more susceptible to a case of nerves than I was before The Lump and the hard X-rays.) I'll do that early next week, and report in a later column. Readers have recommended several means for restoring LisaBetta, but the one most often recommended is found at this link, to reset the administrator password.

Newton, the "box of drives" XP computer I built a few years ago when drives were smaller, has not been turned off in years. He has been restarted as Microsoft sent in updates, but never shut down. When I went in and made sure the Administrator password was set, I told the computer to install updates and shut down. I should have logged out; when I attempted to boot up Newton I got disk read errors. This is hardly tragic: Newton has no applications I need, and I suspect every whit of data stored in there exists in three other places. In any event it is no great trick to open Newton up, remove his drives, and look at them on another machine. I'll get to that next week, after which I can decide whether or not to refurbish him with new Western Digital 500 GB hard drives and install Windows XP, letting him become once again a box of drives for redundant data backup. Before I do that I'll probably install Windows Home Server, and once I have done that, it may be that Newton will simply go off to a new home. Everyone tells me I ought to simplify my life, and getting rid of some surplus old Pentium machines is one way to do it. In any event there's no hurry about any of this.

And with those two rather easily remedied exceptions, all is well. The D-Link Gaming Router DIR655 controls the workgroup and connects to the Time Warner cable modem. My MacBooks connect to the iMac and Air and also to any Vista or XP system that's turned on. The Vista and XP systems connect to each other and to the iMac 20.

There are some quibbles about connecting Vista systems to Khaos, the MacBook Air, but that, I suspect, has to do with the way the MacBook Air is set up; it hardly matters since she connects to the other Macs without problems, and her purpose in life is to be a true laptop: one I can carry almost anywhere and use on a table or in my lap. I love that machine. Last spring when I was sitting in the Kaiser waiting room waiting for them to tie me down to a table and burn out my head with hard X-rays, it was enormously comforting to have a real computer I could do real work on. No compromises. Full keyboard, backlit keys if the room lights are down (they weren't: the Kaiser radiation treatment waiting room is a very pleasant and well lighted atrium room); good keyboard feel. Good control with the mushpad (tap with two fingers to right click; various other gestures work, too). Easy Wi-Fi connection. The only way to connect to a cell phone data net is through the USB port; since I haven't yet signed up for any wireless data service that's not a real problem. I don't use Khaos as my only computer when I go on trips.

The bottom line, though, is that the Workgroup works. It took longer for me to set it up than it's likely to take you, because I had to nuke the old Active Directory Windows 2000 Server network first, and many of my machines had hard coded addresses and other such distractions.

And the moral of this story is that it can be made to work: have courage and press ahead. You'll get there. But don't let Aunt Minnie try this on her own...

Vista 64 bit Problem

Internet applications in general are 32-bit, and if you run Vista 64 you will need a 32-bit media player. This turns out to be trivial for Internet Explorer; you can find the remedy with Google. With Firefox it's not so easy to find what to do, or at least it wasn't easy for me.

All last year the Vista 64 system showed videos just fine on both Firefox and Internet Explorer. Then there was a series of updates to Vista, to Firefox, Internet Explorer, and Flashplayer; one or another of the updates did me in. I could no longer run videos at all. They wouldn't even try to run. I fooled around with Internet Explorer and got that working - I am not entirely sure how, but it was easy enough to find instructions by fooling around with Google. The update for Firefox was much more difficult to find, at least for the Vista 64 system.

I cruised through all the Firefox add-ons and extensions until I found the right download site. I went there and downloaded and installed the latest Adobe Flashplayer, and now all is well. (The test I use is, will it play: http://www.youtube.com/watch?v=1ftld7Ohojg, which I find amusing.)

Fair warning: when I installed that Flashplayer update, it required me to shut down Firefox (including the download window). When I did that the installation went well, but on restarting Firefox my previous session was not restored. I had a brand new Firefox with no tabs at all. This happened on two different Vista machines. Fortunately I have bookmarked most of the sites I like to keep open. Alas, it is my practice to open sites recommended by readers as a way to keep track of them so I can read them later to see if the recommending mail should go into Chaos Manor Mail, and all those were lost.

This has been the only real difficulty I have had with 64-bit Vista.

Winding Down

The movie of the month is the James Bond film Quantum of Solace. We saw it with friends, and everyone including Roberta agreed it is an entertaining film. Daniel Craig gives us a different kind of James Bond from previous actors. He's also considerably different from Ian Fleming's very cool and sophisticated (and very Scottish) Commander. There's a lot more chase and thunder in this film than in previous Bond films. There's also less emphasis on high tech weaponry, and Q, the slightly mad chief technologist of the secret service, doesn't appear. Neither does Moneypenny. Dame Judi Dench gives her usual near perfect performance as M, although one suspects that Ian Fleming would not have been happy with a woman head of the secret service.

Unlike the novels, the plot in the later Bond movies is nearly irrelevant, and in this case doesn't bear a lot of close examination. I confess I liked Fleming's stories better than Hollywood's versions, but that doesn't mean they aren't whacking good stories all the same. Definitely worth seeing.

The book of the month is The Man Who Owns The News, Inside the Secret World of Rupert Murdoch, by Michael Wolff (Broadway Books, Random House). There's a lot of detail in here, much of it quite new to me. Some years ago I was once offered a position in the science reporting staff of News Corp., and although I didn't follow up on the offer I did take the opportunity to look into the way Murdoch's organization operated, and I certainly didn't find out as much as is in any typical chapter of this book.

Understanding the media - which means knowing something about News Corp. - is important to those who are trying to descry the future, and this book is indispensable for that. It's also well written and easy to read. Recommended.

For those interested in the history of small computers, On The Way To The Web, The Secret History of the Internet and its Founders, by Michael A. Banks (Apress) is worth your while, as is the Foreword by Orson Scott Card. The book is pretty well what the title says it is. Alas, the coverage is spotty. For example, I'm not in the index, although I played a role in some of the stories told in the book. I haven't seen Michael Banks in more than a decade, but in 1992 we collaborated on a book called, curiously, Pournelle's PC Communications Bible by Michael Banks and Jerry Pournelle. I didn't have anything to do with the title. Banks was the principal author. I'm not really sure why I was involved with the book at all, but in those days my BYTE column was pretty well known. BIX, the BYTE Information Exchange, was certainly important in the development of the web. So was GE's Genie, and my pages in those services had a lot of activity and were probably the busiest parts there.

The computer book of the month is MACS, Portable Genius, by Paul McFedries, Wiley. This is one of the best Mac handbooks I have yet seen. It's detailed, well laid out, and thoroughly illustrated. I have to set up my Mac Book Pro, and I have found that much of what I need to keep in mind is covered in here. The preface says "This book is for Mac users who know the basics but want to take their Mac education to a higher level." That's as good a description as any I could come up with, and it's very well done. This is one book of a series of Portable Genius books. Highly recommended.

* * * * *

Column Appendix

My first draft of this column sparked considerable discussion among my advisors, mostly because it showed that I didn't really understand networking. I blame my long experience with the Active Directory domain for that: domains and workgroups have less in common than I thought. In any event, I append some of that discussion for those who are interested in the technical details of networking.

Eric Pobirs noted:

My thought on the Stephen Donaldson pitch: "Hey, let's have a pair of trilogies, that by the end, have you gladdened at the hero's death and feeling somewhat sorry for the villain forced to spend eternity with the whiney hero."

At the workgroup level there is no need for DNS. This only comes up when you have internet or a domain, which is very much like having your own little internet. One of the big changes from NT Server to Windows 2000 was not just Active Directory but the orientation towards doing as much as possible within the TCP/IP standards. Thus DNS became a major element of a Windows domain that had formerly been handled by proprietary Microsoft stuff.

Remember WINS and all that fun? That may be where your memories of netmasters lurk.

The workgroup is peer-to-peer. Under the hood, there are times when a particular machine is handed the reins for some operations but this is short-lived and only a temporary failure if that machine drops out of the network. Otherwise you'd have some really annoying and unpredictable dependencies in any busy workgroup with users coming and going all day. The only thing that should be lost to a workgroup when a machine drops out is that specific machine's resources, like a local printer or drive.

In cases where a dedicated router isn't available, nowadays requiring time travel to an era before they started coming out of cereal boxes, you could use Internet Connection Sharing (introduced in Windows 98 SE) to have one machine with an internet connection act as NAT router for the rest of the network. I did this briefly when I was still on dial-up but bought my first Linksys not long after getting DSL in 1999. A bargain at only $160!

This is the only time when a member of a workgroup should be performing DNS tasks for the other nodes. Even then, it is typically just repeating what it was assigned by the ISP when it connected.

There isn't anything happening in a router that can't be done on a PC.

(The first routers [Internet Message Processors] were modified Honeywell minicomputers costing about $500K each in 1969 bucks.) It's just a very simple computer with some hardware features for handling its job more efficiently but with most of the interesting still in software. It's just that with a dedicated device it's far easier to minimize the attack surfaces. An old PC running an extremely cut down OS and router app (there are a number of Linux based setups that were completely contained on a floppy) is just as secure as a dedicated router but a power hog for all the excess hardware.

Routers don't know about workgroups. They only know about IP networks. (Other protocols could be used but these days it's just about always IP.) If they're acting as a DHCP server that gives the individual machines their addresses and provides DNS service but only as an Internet gateway. The DNS is either the router itself or a duplicate of what DNS servers out in internet are being used. Most often those supplied by the ISP.

The workgroup is just a shared belief by machines overlaying an IP network. You can have any number of workgroups on the same IP network and all of the machines will see each other. Creating, for instance, a workgroup called 'accounting' involving four out of a dozen PCs, is just a way of defining things in more human terms so shared resources can be controlled, like a shared drive that should only be visible to other members of the Accounting workgroup. The actual setup is all manual labor compared to the automation a domain allows. That is, if you don't count the considerable labor in getting the domain designed and executed correctly. Well worth it if you have 100 accountants among 900 employees but not so much out of a dozen users total.

Take away the router and the workgroup should keep going just fine, just without internet access. Each machine will randomly assign itself a 169.x.x.x address for local networking purposes.

When eliminating a domain server and reverting to a workgroup, you should test the whole thing using local logins. Under those conditions the domain does not exist and the network behavior should show what the workgroup will be like after the domain accounts are removed. There is no real difference at that point.

The different ways to find machines on the network are there for good reason. Things used to be far, far slower, both in terms of network bandwidth and processor cycles. Having the network be overly chatty could be a real drain on resources. So some discovery operations only happen on a timed cycle. Other tools bypass the interval and go for immediate discovery.

If your system hasn't caught on to the existence of another machine and you know that machine's IP address, using that is the surest way to track it down. Entering \\, for instance, should show you that machine and its shared resources without waiting for the discovery cycle to catch up.

Sometimes stuff just doesn't want to play nice. Going directly to the IP address usually deals with that.

The protocols have evolved and changed over the years, generally for the better. But this can make for problems in a multi-generational network.

Often there are updates that bring older OS versions up to snuff but not always. For instance, Vista uses a newer discovery protocol for printers that is an IETF standard. This generally makes for approval all around but for some mysterious reason, while XP Professional has an update available to support this new standard, it isn't usable on XP Home. This means an XP Home machine can be unable to share a printer with a Vista system.

There is a workaround that involves manually feeding the pertinent details to the Vista system. Not a big deal if you know about such things but my client would never have worked it out on his own. This only appears to affect some specific models of printer. My Vista desktop and laptop have no problem seeing and using the Samsung laser printer hanging off my XP Home system. My client's printer was an HP MFP. This category of products and its problems is one of the primary reasons for the Device Stage feature being developed for Windows 7, though Device Stage will also be very useful for some other multi-faceted items like smartphones that can be viewed as many kinds of device at the end of a single cable.

Getting a command window in Vista is much easier than what you've written. Remember, you have a search line at the base of the Start menu.

Just hit the Windows key on your keyboard and type 'cmd.' The needed icon will appear in the menu and you then right-click to run it as an Admin. Or, rather than reaching for the mouse, use CTRL-SHIFT-ENTER to run the first item in the list as an Administrator.

Also, if you need an Admin command line frequently, you can right-click on the Command Prompt icon, select Properties, then click on the Advanced button. There you'll find a check box to enable the Command Prompt to always launch with Admin privileges. The UAC prompt will still appear, so users with low privilege accounts would still need an Admin password to proceed.

Alternatively, you can just hit Windows+R to open the Run box and type 'cmd' into that if you don't need Admin powers. There may be a way to do the Admin thing from there but I don't recall.

To add the Run entry to the Start menu, right-click on the Start button, select Properties, then click on the Customize button. In the list is a checkbox to show the Run selection in the Start menu. The thing is, once you get used to using the built-in search line, there isn't nearly as much use for the Run command anymore. It's mostly only useful for entering long command strings without opening a CLI window first, if you don't need to see any output before the window automatically exits upon completion.

I would suggest that Newton is a really good example of the sort of machine to be replaced by a good OEM Windows Home Server box. You could run WHS on a regular PC but machines like the HP you saw at WinHEC are designed to do the job with minimal power draw and space requirements. Even on standby, Newton probably draws considerably more than a competing WHS box or competing solution. And it may be contributing to the nasty heat you get upstairs. Recall, the main target of the Energy Star initiative at its start, wasn't the power draw of the PCs and their monitors. It was their contribution to air conditioning costs for a large office building that can verge on uninhabitable if it loses AC. It could be interesting to calculate what Newton has cost over its largely idle existence compared to the solution now offered.


For the record, I have an HP Windows Home Server box, which is the next thing that will be installed here; it should do for the Windows machines what Time Machine does for the Macs.

Robert Bruce Thompson also had comments:

Just so we're clear, DNS has nothing directly to do with Windows Networking. DNS is for TCP/IP (Internet) name resolution. For example, you might have a TCP/IP domain on your private (internal) network called "home.jerrypournelle.com". One of the machines on that network might be named "satine.home.jerrypournelle.com" and have an IP address of DNS matches that IP hostname to that IP address. So, for example, if satine has a web server running on it, you can access that web server by typing "www.satine.home.jerrypournelle.com" into the address line. DNS resolves that name into the IP address

You don't need a local DNS server to resolve public IP addresses (like www.jerrypournelle.com). That job is done by public DNS servers, such as the ones at your ISP. (You can run a local caching DNS server, but that's a separate issue.)

For Windows Networking, machines get NetBIOS computer names, which may be the same as the IP hostname. (Satine, for example, has the NetBIOS computer name "satine" but also has the IP hostname "satine.home.jerrypournelle.com".) From a Windows Networking point of view, that similarity in names has nothing to do with DNS. You can install a WINS (Windows Internet Name Service) server to do the equivalent of DNS for NetBIOS computer names. Your WINS server, for example, maps the NetBIOS computer name "satine" to the IP address, allowing Windows Networking protocols to operate over TCP/IP transport.

"Workgroup" is a Windows Networking concept that has nothing to do directly with TCP/IP. Any router can support a local private IP network, but that's not a "workgroup" in any sense. It's simply a group of machines all of which have IP addresses that are members of the same subnet and so can communicate with each other via TCP/IP. As far as making a Windows workgroup, that's all done by the Windows machines themselves, via two Windows services, the Workstation Service and the Server Service. Or so I dimly recall from the days when I knew a bit about Windows Networking.


And Alex Pournelle concludes with:

Bob does a good job of 'splainin' the OSI/ISO layer model. This is a good way to think about it, since it's the way that designers do (and how everything is put together, for that matter).

He's right; NetBEUI hasn't been supported by Windows since, hmm, I think 2000. It was great if you never wanted to have more than a single network segment in your network, but terrible otherwise.


Here endeth the lessons.